* Prevent ssh.Session SendRequest from wrapping payload twice
Payloads were inadvertently being wrapped twice by sessions making
the ssh server unable to parse the request payload. This is largely
only an issue for window-change requests, as they are the only request
being sent directly via a session that contains a payload. All window-change
requests now use ssh.Session WindowChange instead or sending the request
manually.
When proxying connections, PuTTY automatically requests the 'simple@putty.projects.tartarus.org' channel
type to indicate that this is a "simple" connection which will not be requesting other channel formats.
A request to Teleport for this channel currently results in the connection being terminated. A better
idea is just to ignore this request.
- Role options now include a `permit_x11_forwarding` bool
which is set to `false` by default.
- Recording proxies now forward X11 requests and channels
when when permitted by RBAC.
- User certs will now include the `permit-X11-forwarding`
extension when permitted by RBAC.
- If X11 forwarding is requested for a session a new `x11`
audit event is emitted by recording proxies.