allow-ssh.inc: allow /etc/ssh/ssh_config

This is the system-wide equivalent of ~/.ssh/config.

    $ pacman -Q openssh
    openssh 8.4p1-2

Reasons for blacklisting both /etc/ssh and /etc/ssh/* on
disable-common.inc:

Leave /etc/ssh that way so that profiles without allow-ssh.inc remain
unable to see inside of /etc/ssh.  And blacklist /etc/ssh/* so that
profiles with allow-ssh.inc are able to access only nonblacklisted files
inside of /etc/ssh.

etc/inc/allow-ssh.inc

@@ -3,3 +3,5 @@
 include allow-ssh.local
 
 noblacklist ${HOME}/.ssh
+noblacklist /etc/ssh
+noblacklist /etc/ssh/ssh_config

etc/inc/disable-common.inc

@@ -396,6 +396,7 @@ blacklist /etc/shadow
 blacklist /etc/shadow+
 blacklist /etc/shadow-
 blacklist /etc/ssh
+blacklist /etc/ssh/*
 blacklist /home/.ecryptfs
 blacklist /home/.fscrypt
 blacklist /var/backup

etc/profile-m-z/ssh-agent.profile

@@ -6,7 +6,7 @@ include ssh-agent.local
 # Persistent global definitions
 include globals.local
 
-noblacklist /etc/ssh
+noblacklist /etc/ssh/*
 noblacklist /tmp/ssh-*
 
 # Allow ssh (blacklisted by disable-common.inc)

etc/profile-m-z/ssh.profile

@@ -7,7 +7,7 @@ include ssh.local
 # Persistent global definitions
 include globals.local
 
-noblacklist /etc/ssh
+noblacklist /etc/ssh/*
 noblacklist /tmp/ssh-*
 # nc can be used as ProxyCommand, e.g. when using tor
 noblacklist ${PATH}/nc