Decouple SSH Configuration from Password Provisioning

Description

Currently, the provisioning flow automatically updates SSH configuration
(/etc/ssh/sshd_config.d/50-azure-init.conf or /etc/ssh/sshd_config)
to set PasswordAuthentication yes/no based on whether a password provisioner is configured.
This happens immediately after password provisioning in Provision::provision().

Problem

• SSH configuration logic is tightly coupled with password provisioning.
• Consumers cannot independently control SSH settings without triggering password logic.

Proposed Solution

Move SSH configuration logic out of the automatic provisioning flow and into a separate function/step. This would allow:

• set_user_password() and lock_user() to have zero SSH impact.
• SSH configuration to become an independent choice for consumers.
• WALinuxAgent/Flatcar (and similar) to handle their own SSH config logic as needed.
• The traditional Provision::provision() flow could still update SSH config, but as a separate step from password logic.