DBCDK/morph

Support alternative sudo authentication methods

9ary opened this issue · 0 comments

9ary commented

It seems that morph implements its own password prompt, and it will pass -n to sudo if not using --passwd:

morph/ssh/ssh.go

Lines 149 to 154 in 5b85237

```go
if sshCtx.sudoPassword != "" {
	cmdArgs = append(cmdArgs, "-S")
} else {
	// no password supplied; request non-interactive sudo, which will fail with an error if a password was required
	cmdArgs = append(cmdArgs, "-n")
}
```

The problem with this is that when using non-standard PAM modules to authenticate, the password prompt flow may be different. For example, the PAM module may ask more than one question, or even none at all.

I'm running into the latter case: using yubikey-agent + pam_ssh_agent_auth, I never actually have to type anything on the remote. The agent will prompt for the pin locally using pinentry, and then most of the time touching the yubikey is enough to authenticate.

If I don't pass --passwd to morph, the PAM module doesn't seem to get a chance to run, and sudo complains that a password is required. If I do, morph prompts for an (unnecessary) password, and entering any bogus, but non-empty value allows me to successfully authenticate using the yubikey.

It might be sensible to allow sudo's interactive authentication to run properly, and in fact I would expect --passwd to do just that rather than implement its own password prompt.

Also it seems sudo's own authentication cache is not working at all, because I have to touch the yubikey multiple times. Maybe that was the reason for implementing a prompt in morph in the first place?
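As an added illustration of the flow described in this issue (not morph's own code, and the names SudoMode, SudoArgs, NeedsInteractiveAuth, SSHArgs and Plan are hypothetical), the sketch below tries `sudo -n` first and, only when sudo reports that authentication was required, re-runs the command over `ssh -tt` with plain `sudo`, so that PAM can hold whatever conversation it needs, including none at all. The stderr text matched is the message sudo prints when `-n` blocks authentication; it is assumed here, not taken from the issue.

```go
package main

import "strings"

// SudoMode selects how sudo on the remote host is allowed to authenticate.
type SudoMode int
const (
	SudoNonInteractive SudoMode = iota // sudo -n: fail if any authentication is needed
	SudoStdinPassword                  // sudo -S: read a single password from stdin
	SudoInteractive                    // plain sudo on a tty: PAM runs its own conversation
)
// SudoArgs builds the remote command line for the chosen mode.
func SudoArgs(mode SudoMode, cmd []string) []string {
	args := []string{"sudo"}
	switch mode {
	case SudoNonInteractive:
		args = append(args, "-n")
	case SudoStdinPassword:
		args = append(args, "-S")
	case SudoInteractive:
		// No -n or -S: sudo talks to PAM through the tty, so a module that asks
		// several questions, or none at all (pam_ssh_agent_auth), can complete.
	}
	return append(append(args, "--"), cmd...)
}
// NeedsInteractiveAuth reports whether a failed `sudo -n` run was refused only
// because sudo needed to authenticate, which is the cue to retry interactively.
func NeedsInteractiveAuth(exitCode int, stderr string) bool {
	return exitCode != 0 && strings.Contains(stderr, "a password is required")
}
// SSHArgs wraps the remote command; interactive mode forces a tty (-tt) so that
// PAM's prompts, if any, reach the user instead of an empty stdin.
func SSHArgs(host string, mode SudoMode, remote []string) []string {
	args := []string{"ssh"}
	if mode == SudoInteractive {
		args = append(args, "-tt")
	}
	return append(append(args, host), remote...)
}
// Plan runs the fallback once: non-interactive first, interactive only when sudo
// says authentication was required. runNonInteractive is supplied by the caller
// and returns the exit code and stderr of the first attempt.
func Plan(host string, cmd []string, runNonInteractive func(args []string) (int, string)) []string {
	mode := SudoNonInteractive
	if code, stderr := runNonInteractive(SSHArgs(host, mode, SudoArgs(mode, cmd))); NeedsInteractiveAuth(code, stderr) {
		mode = SudoInteractive
	}
	return SSHArgs(host, mode, SudoArgs(mode, cmd))
}
```

Because the second attempt runs plain sudo on a tty, sudo's own timestamp cache applies to it as it would to a manual login, which is the behaviour the issue expects from --passwd.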