
types.singleLineStr: strings that don't contain '\n'

Add a new type, inheriting 'types.str' but checking whether the value
doesn't contain any newline characters.

The motivation comes from a problem with the
'users.users.${u}.openssh.authorizedKeys' option.
It is easy to unintentionally insert a newline character at the end of a
string, or even in the middle, for example:

    restricted_ssh_keys = command: keys:
      let
        prefix = ''
          command="${command}",no-pty,no-agent-forwarding,no-port-forwarding,no-X11-forwarding
        '';
      in map (key: "${prefix} ${key}") keys;

The 'prefix' string ends with a newline, which ends up in the middle of
a key entry after a few manipulations.

This is problematic because the key file is built by concatenating all
the keys with 'concatStringsSep "\n"', which results in two entries for
the faulty key:

    ''
      command="...",options...
      MY_KEY
    ''

This is hard to debug and might be dangerous. This is now caught at
build time.
Jules Aguillon 2022-01-18 21:56:14 +01:00
parent 0f9d1064e7
commit df590070b0
2 changed files with 8 additions and 1 deletions


@ -300,6 +300,13 @@ rec {
inherit (str) merge;
};
singleLineStr = mkOptionType {
name = "singleLineStr";
description = "string that doesn't contain '\\n'";
check = x: str.check x && !(lib.hasInfix "\n" x);
inherit (str) merge;
};
strMatching = pattern: mkOptionType {
name = "strMatching ${escapeNixString pattern}";
description = "string matching the pattern ${pattern}";
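Review bot: The `check` on `singleLineStr` rejects every newline, including a single trailing one, which is what a `''` string or `builtins.readFile` commonly yields and which is harmless in a newline-joined file. Configurations that evaluate today with such a value will start failing once an option switches to this type. Consider accepting one trailing newline and stripping it on merge, e.g. `check = x: str.check x && builtins.match "[^\n]*\n?" x != null;` with `merge = loc: defs: lib.removeSuffix "\n" (str.merge loc defs);`, which still rejects the embedded newline that splits an entry. A short comment above the type saying it is meant for values written into line-oriented files would also help. The enclosing `rec { … }` set starts and ends outside the hunk.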


@ -30,7 +30,7 @@ let
options.openssh.authorizedKeys = {
keys = mkOption {
type = types.listOf types.str;
type = types.listOf types.singleLineStr;
default = [];
description = ''
A list of verbatim OpenSSH public keys that should be added to the
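Review bot: The description of `keys` does not tell users that each element must now be a single line, so the first sign of the new constraint is an evaluation error. I would add a sentence such as `Each key must be a single line; a key containing a newline is rejected at evaluation time.` and a release-notes entry, since existing configurations can break. The security reason is worth stating there too: per the commit message, an embedded newline leaves the key on a line of its own, apparently without the `command=`/`no-pty` restrictions intended for it. The sibling `keyFiles` option is not visible here; if it feeds the same file, its contents are not covered by this type, which is worth confirming. The description string continues outside the hunk.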