Make it clearer that detached SSH cert is optional.

Someone just asked us a question which suggests they might have thought
they need to supply both files in the 'Public-key authentication' box in
the config dialog, to use public-key authentication at all. I can see
why someone might think that, anyway.

config.c

@@ -2917,7 +2917,8 @@ void setup_config_box(struct controlbox *b, bool midsession,
                          FILTER_KEY_FILES, false, "Select private key file",
                          HELPCTX(ssh_auth_privkey),
                          conf_filesel_handler, I(CONF_keyfile));
-            ctrl_filesel(s, "Certificate to use with the private key:", 'e',
+            ctrl_filesel(s, "Certificate to use with the private key "
+                         "(optional):", 'e',
                          NULL, false, "Select certificate file",
                          HELPCTX(ssh_auth_cert),
                          conf_filesel_handler, I(CONF_detached_cert));

doc/config.but

@@ -3033,6 +3033,9 @@ PuTTY can't fall back to using this file itself.
 
 \S{config-ssh-cert} \q{\ii{Certificate} to use with the private key}
 
+(This is optional. If you don't know you need it, you can leave this
+blank.)
+
 In some environments, user authentication keys can be signed in turn
 by a \q{certifying authority} (\q{CA} for short), and user accounts on
 an SSH server can be configured to automatically trust any key that's