pub fn check_cert_validity(cert_path: &Path) -> CertStatusExpand description
Check the validity of an SSH certificate file via ssh-keygen -L.
Timezone note: ssh-keygen -L outputs local civil time, which parse_ssh_datetime
converts to pseudo-epoch seconds. Rather than comparing against UTC now (which would
be wrong in non-UTC zones), we compute the TTL from the parsed from/to difference
(timezone-independent) and measure elapsed time since the cert file was written (UTC
file mtime vs UTC now). This keeps both sides in the same reference frame.