Framework for announcing which Interactor is talking.

All this Interactor business has been gradually working towards being
able to inform the user _which_ network connection is currently
presenting them with a password prompt (or whatever), in situations
where more than one of them might be, such as an SSH connection being
used as a proxy for another SSH connection when neither one has
one-touch login configured.

At some point, we have to arrange that any attempt to do a user
interaction during connection setup - be it a password prompt, a host
key confirmation dialog, or just displaying an SSH login banner -
makes it clear which host it's come from. That's going to mean calling
some kind of announcement function before doing any of those things.

But there are several of those functions in the Seat API, and calls to
them are scattered far and wide across the SSH backend. (And not even
just there - the Rlogin backend also uses seat_get_userpass_input).
How can we possibly make sure we don't forget a vital call site on
some obscure little-tested code path, and leave the user confused in
just that one case which nobody might notice for years?

Today I thought of a trick to solve that problem. We can use the C
type system to enforce it for us!

The plan is: we invent a new struct type which contains nothing but a
'Seat *'. Then, for every Seat method which does a thing that ought to
be clearly identified as relating to a particular Interactor, we
adjust the API for that function to take the new struct type where it
previously took a plain 'Seat *'. Or rather - doing less violence to
the existing code - we only need to adjust the API of the dispatch
functions inline in putty.h.

How does that help? Because the way you _get_ one of these
struct-wrapped Seat pointers is by calling interactor_announce() on
your Interactor, which will in turn call interactor_get_seat(), and
wrap the returned pointer into one of these structs.

The effect is that whenever the SSH (or Rlogin) code wants to call one
of those particular Seat methods, it _has_ to call
interactor_announce() just beforehand, which (once I finish all of
this) will make sure the user is aware of who is presenting the prompt
or banner or whatever. And you can't forget to call it, because if you
don't call it, then you just don't have a struct of the right type to
give to the Seat method you wanted to call!

(Of course, there's nothing stopping code from _deliberately_ taking a
Seat * it already has and wrapping it into the new struct. In fact
SshProxy has to do that, in order to forward these requests up the
chain of Seats. But the point is that you can't do it _by accident_,
just by forgetting to make a vital function call - when you do that,
you _know_ you're doing it on purpose.)

No functional change: the new interactor_announce() function exists,
and the type-system trick ensures it's called in all the right places,
but it doesn't actually _do_ anything yet.

putty.h

@@ -633,6 +633,24 @@ enum {
 /* In (no)sshproxy.c */
 extern const bool ssh_proxy_supported;
 
+/*
+ * This structure type wraps a Seat pointer, in a way that has no
+ * purpose except to be a different type.
+ *
+ * The Seat wrapper functions that present interactive prompts all
+ * expect one of these in place of their ordinary Seat pointer. You
+ * get one by calling interactor_announce (defined below), which will
+ * print a message (if not already done) identifying the Interactor
+ * that originated the prompt.
+ *
+ * This arranges that the C type system itself will check that no call
+ * to any of those Seat methods has omitted the mandatory call to
+ * interactor_announce beforehand.
+ */
+struct InteractionReadySeat {
+    Seat *seat;
+};
+
 /*
  * The Interactor trait is implemented by anything that is capable of
  * presenting interactive prompts or questions to the user during
@@ -688,6 +706,8 @@ static inline Seat *interactor_get_seat(Interactor *itr)
 static inline void interactor_set_seat(Interactor *itr, Seat *seat)
 { itr->vt->set_seat(itr, seat); }
 
+InteractionReadySeat interactor_announce(Interactor *itr);
+
 /* Interactors that are Backends will find this helper function useful
  * in constructing their description strings */
 char *default_description(const BackendVtable *backvt,
@@ -1277,10 +1297,12 @@ static inline bool seat_eof(Seat *seat)
 { return seat->vt->eof(seat); }
 static inline void seat_sent(Seat *seat, size_t bufsize)
 { seat->vt->sent(seat, bufsize); }
-static inline size_t seat_banner(Seat *seat, const void *data, size_t len)
-{ return seat->vt->banner(seat, data, len); }
-static inline int seat_get_userpass_input(Seat *seat, prompts_t *p)
-{ return seat->vt->get_userpass_input(seat, p); }
+static inline size_t seat_banner(
+    InteractionReadySeat iseat, const void *data, size_t len)
+{ return iseat.seat->vt->banner(iseat.seat, data, len); }
+static inline int seat_get_userpass_input(InteractionReadySeat iseat,
+                                          prompts_t *p)
+{ return iseat.seat->vt->get_userpass_input(iseat.seat, p); }
 static inline void seat_notify_session_started(Seat *seat)
 { seat->vt->notify_session_started(seat); }
 static inline void seat_notify_remote_exit(Seat *seat)
@@ -1294,19 +1316,21 @@ static inline char *seat_get_ttymode(Seat *seat, const char *mode)
 static inline void seat_set_busy_status(Seat *seat, BusyStatus status)
 { seat->vt->set_busy_status(seat, status); }
 static inline int seat_confirm_ssh_host_key(
-    Seat *seat, const char *h, int p, const char *ktyp, char *kstr,
-    const char *kdsp, char **fps, bool mis,
+    InteractionReadySeat iseat, const char *h, int p, const char *ktyp,
+    char *kstr, const char *kdsp, char **fps, bool mis,
     void (*cb)(void *ctx, int result), void *ctx)
-{ return seat->vt->confirm_ssh_host_key(seat, h, p, ktyp, kstr, kdsp, fps,
-                                        mis, cb, ctx); }
+{ return iseat.seat->vt->confirm_ssh_host_key(
+        iseat.seat, h, p, ktyp, kstr, kdsp, fps, mis, cb, ctx); }
 static inline int seat_confirm_weak_crypto_primitive(
-    Seat *seat, const char *atyp, const char *aname,
+    InteractionReadySeat iseat, const char *atyp, const char *aname,
     void (*cb)(void *ctx, int result), void *ctx)
-{ return seat->vt->confirm_weak_crypto_primitive(seat, atyp, aname, cb, ctx); }
+{ return iseat.seat->vt->confirm_weak_crypto_primitive(
+        iseat.seat, atyp, aname, cb, ctx); }
 static inline int seat_confirm_weak_cached_hostkey(
-    Seat *seat, const char *aname, const char *better,
+    InteractionReadySeat iseat, const char *aname, const char *better,
     void (*cb)(void *ctx, int result), void *ctx)
-{ return seat->vt->confirm_weak_cached_hostkey(seat, aname, better, cb, ctx); }
+{ return iseat.seat->vt->confirm_weak_cached_hostkey(
+        iseat.seat, aname, better, cb, ctx); }
 static inline bool seat_is_utf8(Seat *seat)
 { return seat->vt->is_utf8(seat); }
 static inline void seat_echoedit_update(Seat *seat, bool ec, bool ed)
@@ -1347,12 +1371,12 @@ static inline size_t seat_stderr_pl(Seat *seat, ptrlen data)
 { return seat_output(seat, SEAT_OUTPUT_STDERR, data.ptr, data.len); }
 
 /* Alternative API for seat_banner taking a ptrlen */
-static inline size_t seat_banner_pl(Seat *seat, ptrlen data)
-{ return seat->vt->banner(seat, data.ptr, data.len); }
+static inline size_t seat_banner_pl(InteractionReadySeat iseat, ptrlen data)
+{ return iseat.seat->vt->banner(iseat.seat, data.ptr, data.len); }
 
 /* In the utils subdir: print a message to the Seat which can't be
  * spoofed by server-supplied auth-time output such as SSH banners */
-void seat_antispoof_msg(Seat *seat, const char *msg);
+void seat_antispoof_msg(InteractionReadySeat iseat, const char *msg);
 
 /*
  * Stub methods for seat implementations that want to use the obvious