nixos/sshd: don't use -a (KDF rounds) on host keys

The nixos `sshd.nix` module contains a
mechanism to generate ssh host keys prior to
starting sshd if those host keys are missing.
The option `services.openssh.hostKeys` is used to
configure which host keys should exist or be created.
It also declares the key type and other key-related options.

One of those options is `rounds`.
That one is then forwarded to the
`ssh-keygen` program with the `-a` option.
It defines how many rounds of a key derivation function
are to be used on the key's passphrase before the result
is used to en-/decrypt the private key; cf. ssh-keygen(1).

ssh host keys are passwordless;
they are solely protected by filesystem access modes.
Hence, the `-a` option is irrelevant
and silently ignored by `ssh-keygen`.

The commit at hand therefore removes this option from
the host key generation script and the option examples.

nixos/modules/services/networking/ssh/sshd.nix

@@ -366,13 +366,11 @@ in
             type = "rsa";
             bits = 4096;
             path = "/etc/ssh/ssh_host_rsa_key";
-            rounds = 100;
             openSSHFormat = true;
           }
           {
             type = "ed25519";
             path = "/etc/ssh/ssh_host_ed25519_key";
-            rounds = 100;
             comment = "key comment";
           }
         ];
@@ -798,7 +796,6 @@ in
               ssh-keygen \
                 -t "${k.type}" \
                 ${lib.optionalString (k ? bits) "-b ${toString k.bits}"} \
-                ${lib.optionalString (k ? rounds) "-a ${toString k.rounds}"} \
                 ${lib.optionalString (k ? comment) "-C '${k.comment}'"} \
                 ${lib.optionalString (k ? openSSHFormat && k.openSSHFormat) "-o"} \
                 -f "${k.path}" \