Update sshd_config for "denied ssh access" group

Local OpenLDAP and WAD servers are being used for k8s api and SSH
authentication. We need the ability to disallow SSH authentication
for selective users. As part of the solution, we create a Linux
group where all ldap users with "denied ssh access" will be added.
This commit sets the group for "denied ssh access" in the sshd
configuration file "/etc/ssh/sshd_config".

Test Plan:
PASS: Debian image gets successfully installed in AIO-SX system.
PASS: Verify the Linux group has been created and the sshd
configuration file was updated with denied ssh access for that group.
PASS: Create an openldap user and add to the "deny ssh access" group.
Verify that the user cannot ssh.
PASS: Create a WAD group with the same name and gidNumber as the
Linux group for "deny ssh access". Create a WAD user in this group.
Validate that the new WAD user in the "deny ssh group" cannot ssh
to stx platform.
PASS: Remove the WAD user from the WAD "deny ssh access" group.
Validate that now the user can have ssh access to stx platform.
PASS: Remove the openldap user from the Linux "deny ssh access" group.
Validate that now the user can have ssh access to stx platform.

Story: 2010589
Task: 48231
Depends-On: https://review.opendev.org/c/starlingx/stx-puppet/+/886150

Signed-off-by: Carmen Rata <carmen.rata@windriver.com>
Change-Id: If96f3f52cb10a8c32df5b777ba7c85f33edb3f96
Carmen Rata 2023-06-15 01:07:42 +00:00
parent 2be96003ab
commit 62b1150e29

@ -139,6 +139,7 @@ Subsystem sftp /usr/lib/openssh/sftp-server
# PermitTTY no
# ForceCommand cvs server
DenyUsers admin secadmin operator
DenyGroups denyssh
# Filtered cipher, MAC and key exchange algorithm list, defaults can be
# obtained by ssh -Q cipher, ssh -Q mac and ssh -Q kex
# TODO (aning): once openssh is updated to 7.5, an explicit exclusion list
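
Review bot: The added `DenyGroups denyssh` line has no comment, and it sits directly under `DenyUsers admin secadmin operator`, so nothing in the file says what the group is for or where it is created. The commit message says the Linux group comes from the Depends-On stx-puppet change, which makes the literal name `denyssh` a contract between the two repositories; a one-line comment above the directive naming that source would keep a rename on either side from silently turning the rule into a no-op. sshd matches `DenyGroups` patterns against group names in the user's primary and supplementary group list and does not recognize numeric group IDs, so the comment should also note that a directory-side (openldap or WAD) group must resolve to the name `denyssh` on the host for the deny to apply.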