test: add SSH security tests for FR-006 compliance

- Test SSH password authentication is disabled
- Test SSH root login is disabled

💘 Generated with Crush

Assisted-by: GLM-5 via Crush <crush@charm.land>

tests/security/compliance_comprehensive_test.bats

@@ -20,3 +20,12 @@
 @test "Firewall configured" {
     grep -q "nftables" /workspace/config/package-lists/knel-football.list.chroot
 }
+
+# FR-006: SSH Access - Key-Based Authentication Only
+@test "SSH password authentication disabled" {
+    grep -q "PasswordAuthentication no" /workspace/src/security-hardening.sh
+}
+
+@test "SSH root login disabled" {
+    grep -q "PermitRootLogin no" /workspace/src/security-hardening.sh
+}