feat(ssh): change SSH key uniqueness to per-user scope

Previously, SSH key fingerprints were globally unique across all users,
preventing the same key from being registered by different users. This
change makes fingerprint uniqueness scoped to individual users.

- Remove global unique constraints on payload and fingerprint columns
- Add composite unique constraint on (user_id, fingerprint)
- Make add_ssh_key operation idempotent for same user
- Return tuple (SSHKey, is_new) from service to indicate creation status
- Update API to return 200 for existing keys, 201 for new keys

BREAKING CHANGE: API behavior changed - duplicate key addition now
returns 200 OK instead of 409 Conflict. Service method signature changed
from returning SSHKey to tuple[SSHKey, bool].

gatehouse_app/models/ssh_ca/ssh_key.py

@@ -21,10 +21,10 @@ class SSHKey(BaseModel):
     )
 
     # SSH key payload in OpenSSH format (e.g., "ssh-ed25519 AAAAB3Nz...")
-    payload = db.Column(db.Text, nullable=False, unique=True)
+    payload = db.Column(db.Text, nullable=False)
 
     # SHA256 fingerprint for quick comparison and deduplication
-    fingerprint = db.Column(db.String(255), nullable=False, unique=True, index=True)
+    fingerprint = db.Column(db.String(255), nullable=False, index=True)
 
     # Optional human-readable description (e.g., "My laptop key")
     description = db.Column(db.String(255), nullable=True)
@@ -53,6 +53,7 @@ class SSHKey(BaseModel):
 
     __table_args__ = (
         db.Index("idx_ssh_key_user_verified", "user_id", "verified"),
+        db.UniqueConstraint('user_id', 'fingerprint', name='uix_user_fingerprint'),
     )
 
     def __repr__(self):