
allow cbc, hmac and kex to be configured individually for client and server. #49

Merged
merged 3 commits into from
Oct 14, 2014

Conversation

bkw
Contributor

@bkw bkw commented Oct 14, 2014

This PR deprecates require_cbc, weak_hmac and weak_kex from the ['ssh'] attribute namespace and moves them to ['ssh']['client'] and ['ssh']['server'] instead.
The attributes in 'client' only affect the client, whereas 'server' affects only the configuration of the server.
I.e. node['ssh']['client']['weak_hmac'] only adds hmac_sha1 to the MACs of ssh_config without weakening the HMACs of the server in sshd_config, and so forth.

Real-world use case: gitlab server with developers using Eclipse. For EGit we have to support hmac_sha1 on the server, but I don't want to allow that for the installed client.

The PR contains compat support for the old attributes and tests to verify the precedence logic.

The reason why I don't let the client- and server-variants take precedence over the corresponding legacy value is that an existing chef client might still have the legacy value stored, and the user may not have noticed the new attributes yet.
Instead the following logic is applied (and documented in the code):

  • If one of the global legacy attributes is found with a value of true and both the client and server variants are unaltered from their default value false, then the legacy attribute takes precedence and sets both to true.
  • If either one of the client or server values is true, we assume the user has seen the new settings and ignore the legacy value.
  • In any case where any of the legacy attributes is true, a warning is emitted, mentioning the fate of the value for both client and server configs.

TL;DR:
Please merge, everything will be fine ;-)
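The precedence rules described in the PR, as an added, self-contained Ruby example (not the cookbook's own code): `resolve_ssh_attributes` is a hypothetical helper that takes a plain nested hash standing in for the Chef node attributes, applies the three rules above to each of the legacy keys, and returns the effective client/server values together with the warnings that would be emitted. The nested hash shape and the warning wording are assumptions; the cookbook's real attribute resolution lives in its recipes and is not reproduced here.

```ruby
# Hypothetical reimplementation of the legacy-vs-client/server precedence logic
# described in the PR. Not the ssh-hardening cookbook's own code.

LEGACY_KEYS = %w[require_cbc weak_hmac weak_kex].freeze

# node: a nested hash mimicking node attributes, e.g.
#   { 'ssh' => { 'weak_hmac' => true, 'server' => { 'weak_hmac' => true } } }
# Returns { 'client' => {key => bool}, 'server' => {key => bool}, 'warnings' => [String] }
def resolve_ssh_attributes(node)
  ssh    = node.fetch('ssh', {})
  client = ssh.fetch('client', {})
  server = ssh.fetch('server', {})
  result = { 'client' => {}, 'server' => {}, 'warnings' => [] }

  LEGACY_KEYS.each do |key|
    legacy = ssh.fetch(key, false) ? true : false   # global legacy attribute
    c      = client.fetch(key, false) ? true : false # new client-specific attribute
    s      = server.fetch(key, false) ? true : false # new server-specific attribute

    if legacy
      if !c && !s
        # Rule 1: legacy is true and both new attributes are still at their
        # default (false), so the legacy value wins and weakens both sides.
        c = s = true
        result['warnings'] << "node['ssh']['#{key}'] is deprecated; applying it to " \
                              "both client and server. Use node['ssh']['client']['#{key}'] " \
                              "and node['ssh']['server']['#{key}'] instead."
      else
        # Rule 2: at least one new attribute was set explicitly, so the user has
        # seen the new settings and the legacy value is ignored.
        result['warnings'] << "node['ssh']['#{key}'] is deprecated and ignored because " \
                              "client=#{c} / server=#{s} were set explicitly."
      end
      # Rule 3: any legacy true value emits a warning (both branches above).
    end

    result['client'][key] = c
    result['server'][key] = s
  end
  result
end

# The gitlab/EGit case from the PR: weak HMAC only on the server, strict client.
if $PROGRAM_NAME == __FILE__
  r = resolve_ssh_attributes('ssh' => { 'server' => { 'weak_hmac' => true } })
  puts "client weak_hmac: #{r['client']['weak_hmac']}, server weak_hmac: #{r['server']['weak_hmac']}"
  puts r['warnings']
end
```

The third scenario in the usage line (only the new server attribute set, no legacy attribute) produces no warning, which is the state a node should end up in once the deprecated attributes are removed from its run list and role data.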

@coveralls

Coverage Status

Coverage remained the same when pulling 7b6aca3 on bkw:splitWeakCipers into e288bc4 on TelekomLabs:master.

@bkw bkw mentioned this pull request Oct 14, 2014
@coveralls

Coverage Status

Coverage remained the same when pulling 7d4722b on bkw:splitWeakCipers into 7bccda5 on TelekomLabs:master.

@bkw
Contributor Author

bkw commented Oct 14, 2014

Rebased to current master.

@chris-rock
Member

This is a great improvement. Thanks @bkw

chris-rock added a commit that referenced this pull request Oct 14, 2014
allow cbc, hmac and kex to be configured individually for client and server.
@chris-rock chris-rock merged commit d569069 into dev-sec:master Oct 14, 2014
@chris-rock chris-rock mentioned this pull request Oct 14, 2014
@bkw bkw deleted the splitWeakCipers branch October 14, 2014 10:41