Summary
SshHostKeyVerificationStrategyTest is currently excluded from CI (.github/workflows/ci.yml) because its ed25519 case fails on the GitHub Actions runner. This issue tracks restoring it.
Details
- The test is a Testcontainers test that boots the deprecated, unpinned jenkins/ssh-slave image (ConnectionExtension.java), reads each host key via cat /etc/ssh/ssh_host_<alg>_key.pub, and asserts the live MINA-SSHD handshake key matches the console copy.
- On the amd64 GitHub Actions runner it fails only for ed25519 (ecdsa and rsa pass); the live ed25519 key does not match the console copy. It does not run at all in the local/dev env (Testcontainers + aarch64).
- This exercises upstream host-key-verification code; it is unrelated to the Percona patches (verified: MockEC2Computer.getState() is a pure override, and the test does not exercise the shared-SshClient verifier-registration path). The released plugin's verification logic is unaffected.
Proposed fix
- Replace the deprecated jenkins/ssh-slave with the maintained jenkins/ssh-agent, pinned to a digest/tag, in ConnectionExtension, then drop the CI exclusion and re-enable the class.
- Consider reporting the ed25519 fragility upstream (jenkinsci/ec2-plugin), since the root cause is in the upstream test image, not this fork.
Acceptance
SshHostKeyVerificationStrategyTest runs and passes on CI (all algorithms), and the -Dtest=!... exclusion is removed from ci.yml.
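Added example, not part of the issue or of the plugin's code: a stand-alone Python sketch of the comparison described under Details, checking each console-printed ssh_host_<alg>_key.pub line against the key blob seen in the handshake and reporting both fingerprints per algorithm. The function names and the sample keys are assumptions constructed for illustration.

```python
import base64
import hashlib
import struct


def wire_blob(alg, *fields):
    """Build an SSH wire-format key blob of length-prefixed strings (sample data only)."""
    return b"".join(struct.pack(">I", len(f)) + f for f in (alg.encode(), *fields))


def parse_pub_line(line):
    """Parse '<alg> <base64> [comment]' as printed from ssh_host_<alg>_key.pub."""
    parts = line.split()  # also drops a trailing CR/LF left by a container exec
    if len(parts) < 2:
        raise ValueError("not an OpenSSH public key line")
    blob = base64.b64decode(parts[1], validate=True)
    if len(blob) < 4:
        raise ValueError("key blob too short")
    (n,) = struct.unpack(">I", blob[:4])
    # The blob carries its own algorithm name; it must agree with the label.
    if blob[4:4 + n] != parts[0].encode():
        raise ValueError("algorithm label does not match key blob")
    return parts[0], blob


def fingerprint(blob):
    """OpenSSH-style SHA256 fingerprint of a raw key blob."""
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def compare_host_keys(console_lines, live_blobs):
    """Map each algorithm to (status, console fingerprint, live fingerprint or None)."""
    report = {}
    for line in console_lines:
        alg, expected = parse_pub_line(line)
        live = live_blobs.get(alg)
        if live is None:
            report[alg] = ("missing", fingerprint(expected), None)
            continue
        status = "match" if live == expected else "mismatch"
        report[alg] = (status, fingerprint(expected), fingerprint(live))
    return report


# Constructed sample data (arbitrary bytes, not real host keys).
ED_FILE = wire_blob("ssh-ed25519", b"\x01" * 32)
ED_LIVE = wire_blob("ssh-ed25519", b"\x02" * 32)  # differs, mimicking the CI failure
RSA = wire_blob("ssh-rsa", b"\x01\x00\x01", b"\x00" + b"\xab" * 256)
CONSOLE = [f"{a} {base64.b64encode(b).decode()} root@test\r\n"
           for a, b in (("ssh-ed25519", ED_FILE), ("ssh-rsa", RSA))]
LIVE = {"ssh-ed25519": ED_LIVE, "ssh-rsa": RSA}
```

Logging the two fingerprints for a mismatching algorithm shows whether the served key is a different key altogether or the console copy was misparsed.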