openssh: sync update document with main

(cherry picked from commit 519496a)
(cherry picked from commit 576b477)
(cherry picked from commit 35a0342)
(cherry picked from commit f3fd885)
(cherry picked from commit b645ee1)
(cherry picked from commit 438fd19)

crypto/openssh/FREEBSD-upgrade

@@ -39,6 +39,13 @@
 
     $ git tag -a -m "Tag OpenSSH X.YpZ" vendor/openssh/X.YpZ
 
+    At this point the vendor branch can be pushed to the FreeBSD repo via:
+
+    $ git push freebsd vendor/openssh
+
+    (It could also be pushed later on, along with the merge to main, but
+    pushing now allows others to collaborate.)
+
 08) Check out head and run the pre-merge script, which strips our RCS
     tags from files that have them:
 
@@ -96,7 +103,12 @@
     something significant changes or if ssh_namespace.h is out of
     whack.
 
-12) Commit, and hunker down for the inevitable storm of complaints.
+12) Update nanobsd's copies of the ssh config files:
+
+    tools/tools/nanobsd/rescue/Files/etc/ssh/ssh_config
+    tools/tools/nanobsd/rescue/Files/etc/ssh/sshd_config
+
+13) Commit, and hunker down for the inevitable storm of complaints.
 
 
 
@@ -161,10 +173,12 @@
    counting; the agent will automatically exit when the last client
    disconnects.
 
-7) Class-based login restrictions
+7) Class-based login restrictions (27ceebbc2402)
 
-   We've added code to auth2.c to enforce the host.allow, host.deny,
-   times.allow and times.deny login class capabilities.
+   We've added code to auth.c to enforce the host.allow, host.deny,
+   times.allow and times.deny login class capabilities, based on an
+   upstream submission from
+   https://github.com/openssh/openssh-portable/pull/262.
 
 8) HPN