add authorizedKeys option to ssh service

this has no apparent use as it stands, but opens the door to
having the keys managed by an external secrets service

examples/router-with-l2tp.nix

@@ -184,7 +184,11 @@ in rec {
     dependencies = [ config.services.hostname ];
   };
 
-  services.sshd = svc.ssh.build { };
+  services.sshd = svc.ssh.build {
+    authorizedKeys = {
+      root = rsecrets.root.openssh.authorizedKeys.keys;
+    };
+  };
 
   services.lns-address = let
     ns = "$(output_word ${services.bootstrap-dhcpc} dns 1)";