Comment 4 for bug 1911680

Dan Watkins (oddbloke) wrote :

Upon further thought and conversation, we've realised that this represents a security issue. If the following user-data is specified (note that the bootcmd is used to modify SSH's configuration to match the reported one; this happens before SSH starts, and before cloud-init performs any SSH modification and so allows for testing this bug without mastering a new image):

```
#cloud-config
bootcmd:
- sed -i "s,#AuthorizedKeysFile.*,AuthorizedKeysFile /etc/ssh/authorized_keys," /etc/ssh/sshd_config
users:
- name: test_user
  ssh_authorized_keys:
  - ssh-rsa <redacted key material>
```

and the SSH key specified for `test_user` is different to the default SSH key provided for the system, then /etc/ssh/authorized_keys will end up with this content:

```
ssh-rsa <test_user's key material>
no-port-forwarding,no-agent-forwarding,no-X11-forwarding,command="echo 'Please login as the user \"NONE\" rather than the user \"root\".';echo;sleep 10;exit 142" ssh-rsa <default key's material>
```

and SSHing to the system as root using test_user's key will succeed.

(It has to be as root because cloud-init modifies /etc/ssh and /etc/ssh/authorized_keys to only be accessible/readable by root, and sshd uses the connecting user's permissions to read their authorized keys. But sshd will accept the key for _any_ user that can read /etc/ssh/authorized_keys.)
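An added configuration audit, not part of this bug report or of cloud-init's own code: it parses the `AuthorizedKeysFile` directives out of an sshd_config and flags any absolute path that carries no `%u`/`%h` token, because that is exactly the shared file into which the keys of every configured user would be written. The sshd_config fragments below are constructed samples; the Ubuntu default line is shown for contrast.

```python
"""Flag sshd AuthorizedKeysFile paths that are shared between users."""
import re

# Constructed sample: the configuration from the bug report plus a Match block.
SHARED_SSHD_CONFIG = """\
Port 22
AuthorizedKeysFile /etc/ssh/authorized_keys   # one file for everyone
Match User deploy
    AuthorizedKeysFile .ssh/authorized_keys %h/.ssh/authorized_keys2
"""

# Constructed sample: the stock Ubuntu default (relative paths are per-user).
DEFAULT_SSHD_CONFIG = "AuthorizedKeysFile .ssh/authorized_keys .ssh/authorized_keys2\n"

PER_USER_TOKENS = ("%u", "%h")


def parse_authorized_keys_files(config_text):
    """Return [(scope, path), ...] for every AuthorizedKeysFile argument.

    scope is "global" outside any Match block, otherwise the Match criteria.
    """
    entries = []
    scope = "global"
    for raw in config_text.splitlines():
        line = raw.split("#", 1)[0].strip()          # drop comments
        line = re.sub(r"^(\S+?)\s*=\s*", r"\1 ", line)  # allow Keyword=value
        if not line:
            continue
        parts = line.split()
        keyword = parts[0].lower()
        if keyword == "match":
            scope = " ".join(parts[1:])
        elif keyword == "authorizedkeysfile":
            for path in parts[1:]:
                if path.lower() != "none":
                    entries.append((scope, path))
    return entries


def is_shared_path(path):
    """Absolute path without a per-user token: sshd reads the same file for all users."""
    return path.startswith("/") and not any(t in path for t in PER_USER_TOKENS)


def find_shared_entries(config_text):
    """The (scope, path) pairs an operator should review before trusting cloud-init."""
    return [(s, p) for s, p in parse_authorized_keys_files(config_text) if is_shared_path(p)]
```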