allow-ssh.inc: allow access to ssh-agent(1)

Leaving it limited to only ssh, ssh-agent and seahorse by default seems
unnecessarily restrictive.

From ssh(1):

> The most convenient way to use public key or certificate
> authentication may be with an authentication agent.  See ssh-agent(1)
> and (optionally) the AddKeysToAgent directive in ssh_config(5) for
> more information.

    $ pacman -Q openssh
    openssh 8.4p1-2

With ssh-agent(1) running in the background (and with the private key(s)
loaded through ssh-add(1)), ssh(1) doesn't need direct access to the
actual key pair(s), so you could probably get away with this on
allow-ssh.local:

    ignore noblacklist ${HOME}/.ssh
    noblacklist ${HOME}/.ssh/config
    noblacklist ${HOME}/.ssh/config.d
    noblacklist ${HOME}/.ssh/known_hosts

And then this on the profiles of ssh key pair managers, such as
seahorse.local:

    noblacklist ${HOME}/.ssh

etc/inc/allow-ssh.inc

@@ -5,3 +5,4 @@ include allow-ssh.local
 noblacklist ${HOME}/.ssh
 noblacklist /etc/ssh
 noblacklist /etc/ssh/ssh_config
+noblacklist /tmp/ssh-*

etc/profile-m-z/seahorse.profile

@@ -9,7 +9,6 @@ include globals.local
 blacklist /tmp/.X11-unix
 
 noblacklist ${HOME}/.gnupg
-noblacklist /tmp/ssh-*
 
 # Allow ssh (blacklisted by disable-common.inc)
 include allow-ssh.inc

etc/profile-m-z/ssh-agent.profile

@@ -6,8 +6,6 @@ include ssh-agent.local
 # Persistent global definitions
 include globals.local
 
-noblacklist /tmp/ssh-*
-
 # Allow ssh (blacklisted by disable-common.inc)
 include allow-ssh.inc
 

etc/profile-m-z/ssh.profile

@@ -7,7 +7,6 @@ include ssh.local
 # Persistent global definitions
 include globals.local
 
-noblacklist /tmp/ssh-*
 # nc can be used as ProxyCommand, e.g. when using tor
 noblacklist ${PATH}/nc
 noblacklist ${PATH}/ncat