Support agent-based sudo via PAM

[reardencode]

An interesting use of agent forwarding, combined with a hardware-based SSH key (eg. Yubikey) that I discovered recently is to have sudo on a remote machine depend on a signature provided by the installed SSH agent. This would be a great use case for guardian agent IMO. I'm guessing it would require writing a separate PAM module, since guardian agent doesn't provide SSH_AUTH_SOCK for the existing PAM module to query.