mirror of
https://git.tartarus.org/simon/putty.git
synced 2025-07-15 18:17:32 -05:00
Move sanitisation of k-i prompts into the SSH code.
Now, instead of each seat's prompt-handling function doing the control-char sanitisation of prompt text, the SSH code does it. This means we can do it differently depending on the prompt. In particular, prompts _we_ generate (e.g. a genuine request for your private key's passphrase) are not sanitised; but prompts coming from the server (in keyboard-interactive mode, or its more restricted SSH-1 analogues, TIS and CryptoCard) are not only sanitised but also line-length limited and surrounded by uncounterfeitable headers, like I've just done to the authentication banners. This should mean that if a malicious server tries to fake the local passphrase prompt (perhaps because it's somehow already got a copy of your _encrypted_ private key), you can tell the difference.
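The scheme the commit message describes (control characters stripped, server lines length-limited, server text framed by marker lines), sketched as an added example; this is not PuTTY's code, and the function names, the 60-character limit and the marker wording are all assumptions. It also assumes the markers are hard to counterfeit because they are longer than any line the server text is allowed to produce.

```c
#include <stdio.h>
#include <string.h>

#define LINE_LIMIT 60   /* assumed cap on each server-supplied line */
/* Assumed marker lines, deliberately longer than LINE_LIMIT. */
static const char HDR[] = "-- Keyboard-interactive prompt from server: ------------------------";
static const char FTR[] = "-- End of keyboard-interactive prompt from server ----------------";
_Static_assert(sizeof HDR - 1 > LINE_LIMIT && sizeof FTR - 1 > LINE_LIMIT,
               "marker lines must be longer than any server line");

/* Copy server text to out, keeping only printable ASCII and '\n', and
 * truncating each line to LINE_LIMIT characters.
 * Returns bytes written (excluding NUL), or -1 if out is too small. */
static int sanitise_server_text(const char *in, char *out, size_t outsz)
{
    size_t o = 0, col = 0;
    if (outsz == 0) return -1;
    for (; *in; in++) {
        unsigned char c = (unsigned char)*in;
        if (c == '\n')
            col = 0;
        else if (c < 0x20 || c >= 0x7f || col >= LINE_LIMIT)
            continue;           /* control byte, or line already full */
        else
            col++;
        if (o + 1 >= outsz) return -1;
        out[o++] = (char)c;
    }
    out[o] = '\0';
    return (int)o;
}

/* Frame sanitised server text between the marker lines. 0 on success. */
static int frame_server_prompt(const char *text, char *out, size_t outsz)
{
    char body[1024];
    int n = sanitise_server_text(text, body, sizeof body);
    if (n < 0) return -1;
    const char *nl = (n > 0 && body[n - 1] == '\n') ? "" : "\n";
    int w = snprintf(out, outsz, "%s\n%s%s%s\n", HDR, body, nl, FTR);
    return (w < 0 || (size_t)w >= outsz) ? -1 : 0;
}

int main(void)
{
    /* Constructed sample: server text imitating a local passphrase prompt. */
    const char *spoof = "\x1b[2K\rPassphrase for key \"example\": ";
    char out[2048];
    if (frame_server_prompt(spoof, out, sizeof out) == 0)
        fputs(out, stdout);
    return 0;
}
```

Prompts generated locally would bypass `frame_server_prompt` entirely, so the absence of the marker lines is what identifies a genuine local prompt.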
@ -100,8 +100,6 @@ struct terminal_tag {
|
||||
termchar basic_erase_char, erase_char;
|
||||
|
||||
bufchain inbuf; /* terminal input buffer */
|
||||
bufchain_sink inbuf_bs;
|
||||
StripCtrlChars *inbuf_scc;
|
||||
|
||||
pos curs; /* cursor */
|
||||
pos savecurs; /* saved cursor position */
|
||||
|
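Review bot: The new trust boundary is undocumented at the point where the terminal's own sanitiser state goes away in `struct terminal_tag`. The header shrinks this region from 8 lines to 6, and although the +/- markers are not visible in this rendering, the commit message suggests the dropped pair is `bufchain_sink inbuf_bs;` and `StripCtrlChars *inbuf_scc;`. Once the seat no longer strips control characters from prompt text, every caller that hands it server-supplied text has to sanitise first, so I would add a comment beside `bufchain inbuf;` (or on the seat's prompt-handling entry point) stating that prompt text is expected to arrive already sanitised by the SSH code. It is also worth confirming in the rest of the commit that the setup and teardown for `inbuf_scc` are removed along with the field, since neither is visible in this hunk.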