add ssh user CA support

cmd/dkl-local-server/render-context.go

@@ -148,7 +148,7 @@ func (ctx *renderContext) Tag() (string, error) {
 
 	enc := yaml.NewEncoder(h)
 
-	for _, o := range []interface{}{cfg, ctx} {
+	for _, o := range []any{cfg, ctx} {
 		if err := enc.Encode(o); err != nil {
 			return "", err
 		}
@@ -157,21 +157,6 @@ func (ctx *renderContext) Tag() (string, error) {
 	return hex.EncodeToString(h.Sum(nil)), nil
 }
 
-func asMap(v interface{}) map[string]interface{} {
-	ba, err := yaml.Marshal(v)
-	if err != nil {
-		panic(err) // shouldn't happen
-	}
-
-	result := make(map[string]interface{})
-
-	if err := yaml.Unmarshal(ba, result); err != nil {
-		panic(err) // shouldn't happen
-	}
-
-	return result
-}
-
 func (ctx *renderContext) TemplateFuncs() map[string]any {
 	funcs := templateFuncs(ctx.SSLConfig)
 
@@ -187,6 +172,14 @@ func (ctx *renderContext) TemplateFuncs() map[string]any {
 			return hex.EncodeToString(ba[:])
 		},
 
+		"ssh_user_ca": func(path, cluster string) (s string, err error) {
+			userCA, err := sshCAPubKey(cluster)
+			return asYaml([]config.FileDef{{
+				Path:    path,
+				Mode:    0644,
+				Content: string(userCA),
+			}})
+		},
 		"ssh_host_keys": func(dir, cluster, host string) (s string, err error) {
 			if host == "" {
 				host = ctx.Host.Name