Unlock account when SSH public-key is set

[stefanb2]

Commit 4b9cd15 breaks public-key SSH configuration.

Make sure first user has a shell when PUBKEY_SSH_FIRST_USER is set.

[XECDesign]

One of the first things build.sh enforces is that if you disable first user rename, you must set a password. If you ssh in while first boot wizard is running in the background, you'll end up in a bad situation. I can't find the issue report now, but that's why this commit was added in the first place - someone modified an image to enable ssh, added their key, sshed in, then ran though the wizard while logged in as the temporary first user.

Also, with a recent change that disables passwordless sudo by default, not setting a password can lock you out from doing anything useful on your system once you're in.

I'm not against the PR, but it needs to be done in a way that prevents such issues.

[stefanb2]

I guess that makes sense from the Raspberry Pi Imager use case, but then PUBKEY_SSH_FIRST_USER & friends should be removed too, because they no longer work.

Let rework this.

[stefanb2]

I realized that a new option isn't required at all and moved the code behind the PUBKEY_SSH_FIRST_USER conditional in stage2.

As build.sh only allows FIRST_USER_PASS to be unset when DISABLE_FIRST_BOOT_USER_RENAME is set to 0, your first concern should be addressed by this updated PR.

Passwordless sudo is a separate case. I.e. I'm aware that I have to enable that option during the next upstream rebase of my branches.