[experimental] add ssh certificate authorities as feature flags

[iQQBot]

Description

[experimental] add ssh certificate authorities as feature flags

This provides us with a solution that allows for quick rollback. When this feature is stable, we can remove the experimental flag.

Summary generated by Copilot

🤖[deprecated] Generated by Copilot at ae4edb1

This pull request adds a new feature flag for enabling SSH certificate authorities (SSH CA) for workspaces. It updates the server, ws-manager, ws-manager-mk2, and gitpod-protocol components to support and use the new flag. It also modifies the core protocol buffer definitions and the generated files to include the new flag.

Related Issue(s)

Fixes ENG-1331

How to test

1. start a workspace in preview env, the the feature flags for preview env is enabled by default
2. connect workspace via ssh, run ls -lah ~/.ssh/ is should not have authorized_keys
3. go to configcat, set disable isSSHCertificateAuthoritiesEnabled for your userId
4. wait for 5min
5. start a new workspace, redo the test above, when run ls -lah ~/.ssh/ you should see authorized_keys

Documentation

Preview status

Gitpod was successfully deployed to your preview environment.

• 🏷️ Name - pd-ssh-ca-ff
• 🔗 URL - pd-ssh-ca-ff.preview.gitpod-dev.com/workspaces.
• 📚 Documentation - See our internal documentation for information on how to interact with your preview environment.
• 📦 Version - pd-ssh-ca-ff-gha.21458
• 🗒️ Logs - GCP Logs Explorer

Build Options

Build

• /werft with-werft
  Run the build with werft instead of GHA
• leeway-no-cache
• /werft no-test
  Run Leeway with --dont-test

Publish

• /werft publish-to-npm
• /werft publish-to-jb-marketplace

Installer

• analytics=segment
• with-dedicated-emulation
• workspace-feature-flags
  Add desired feature flags to the end of the line above, space separated

Preview Environment / Integration Tests

• /werft with-local-preview
  If enabled this will build install/preview
• /werft with-preview
• /werft with-large-vm
• /werft with-gce-vm
  If enabled this will create the environment on GCE infra
• /werft preemptible
  Saves cost. Untick this only if you're really sure you need a non-preemtible machine.
• with-integration-tests=all
  Valid options are all, workspace, webapp, ide, jetbrains, vscode, ssh. If enabled, with-preview and with-large-vm will be enabled.
• with-monitoring

/hold

[iQQBot]

With feature flags enabled	With feature flags disabled

[akosyakov]

to unblock

[kylos101]

Code looks good, but, leaving the hold.

Preview is down, so cannot test. Rebuilding now, and will retest in a couple hours. After which, if okay, I will remove the hold.