SSH: Separate host CA from user CA

[edoput]

We should really do this. The host CA can still be available to ansible but the user CA should not.

Moreover we should then separate them in the ansible playbook too

[cimbalo]

Since 42d2568 cas implementation have supported request type.
We can implement SSHHostAuthority and SSHUserAuthority that both inherit from SSHAuthority but only support respectively HostSSHRequest and UserSSHRequest request.

Take a look at compatible_requests attribute for ca [1].

[1] https://github.com/LILiK-117bis/ca_manager/blob/master/models/ssh.py#L71