author: ak2k <19240940+ak2k@users.noreply.github.com> 2025-07-02 18:14:07 -0400
committer: ak2k <19240940+ak2k@users.noreply.github.com> 2025-07-02 18:14:07 -0400
commit: 84cd68f55584b684e122457d58e169ca69d008a6
tree: 66d737d87890ab8a99457774996965b731dfaf6b /pkgs/development/python-modules/rangehttpserver
parent: 5a7fb8413774b4b3f2045738ea22fde0e8cb00bc
litestream: fix CVE-2024-41254 by adding SSH host key verification
Apply patch from upstream commit f6c859061bfd7ccc2a21fcde3e9f0eb9ad98cd5e by benbjohnson that adds optional SSH host key verification to SFTP connections. This addresses CVE-2024-41254 where InsecureIgnoreHostKey() was used unconditionally, allowing potential MITM attacks.

The patch adds a new `host-key-path` configuration option that allows users to specify a file containing the SSH host key for verification. When not specified, it maintains backward compatibility by falling back to the insecure behavior.

Fixes: #388411
Diffstat (limited to 'pkgs/development/python-modules/rangehttpserver')
0 files changed, 0 insertions, 0 deletions
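The behaviour the commit message describes, as an added example that is not code from litestream, the upstream patch, or nixpkgs: a pinned host key is compared against the key the server presents, and an unset option falls back to accepting any key. All names (`HostKeyCheck`, `parsePinnedKey`, `newHostKeyCheck`) are hypothetical, the key line is passed in directly instead of being read from the `host-key-path` file, and the sample key is constructed; a real client would do this with `ssh.FixedHostKey` from `golang.org/x/crypto/ssh`.

```go
package main

import (
	"crypto/subtle"
	"encoding/base64"
	"errors"
	"fmt"
	"strings"
)

// HostKeyCheck receives the public key blob the server presented in the handshake.
type HostKeyCheck func(presented []byte) error

// parsePinnedKey decodes one public key line: "<type> <base64> [comment]".
func parsePinnedKey(line string) ([]byte, error) {
	f := strings.Fields(line)
	if len(f) < 2 {
		return nil, errors.New("host key: want \"<type> <base64> [comment]\"")
	}
	blob, err := base64.StdEncoding.DecodeString(f[1])
	if err != nil {
		return nil, fmt.Errorf("host key: %w", err)
	}
	return blob, nil
}

// newHostKeyCheck returns the check to use and whether a key is pinned.
// An empty line models the option being unset: any key is accepted (pinned=false).
func newHostKeyCheck(hostKeyLine string) (HostKeyCheck, bool, error) {
	if strings.TrimSpace(hostKeyLine) == "" {
		return func([]byte) error { return nil }, false, nil
	}
	want, err := parsePinnedKey(hostKeyLine)
	if err != nil {
		return nil, false, err // a malformed key is an error, never a silent fallback
	}
	return func(presented []byte) error {
		if subtle.ConstantTimeCompare(want, presented) != 1 {
			return errors.New("host key mismatch: refusing connection")
		}
		return nil
	}, true, nil
}

func main() {
	key := []byte("constructed-server-key-blob") // constructed sample, not a real key
	check, pinned, _ := newHostKeyCheck("ssh-ed25519 " + base64.StdEncoding.EncodeToString(key))
	fmt.Println(pinned, check(key) == nil, check([]byte("other-key")) == nil)
}
```

The `pinned` result is what a deployment check would alert on: because the fallback keeps the old behaviour, a configuration without `host-key-path` is still exposed after the package update.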