CURLOPT_SSH_HOST_PUBLIC_KEY_SHA256 comparison disaster
Medium
Vulnerability Details
## Summary:
The base64-encoded host fingerprint given in `CURLOPT_SSH_HOST_PUBLIC_KEY_SHA256` is compared case-insensitively by accident. This means that it is technically possible (however still difficult) to create a forged SSH host key that matches in this comparison.
The bug appears to have been introduced when adding `CURLOPT_SSH_HOST_PUBLIC_KEY_SHA256` support, and then copying the case-insensitive comparison of the string for `CURLOPT_SSH_HOST_PUBLIC_KEY_MD5` (where it is appropriate since the MD5 fingerprint is a hex string).
This bug was added by commit https://github.com/curl/curl/commit/d1e7d9197b7fe417fb4d62aad5ea8f15a06d906c
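The following is an added illustration of the comparison described in this summary, not code from curl or from the report. It contrasts a caseless check with an exact one and counts how many distinct digests the caseless check accepts. It assumes the fingerprint is the 43-character unpadded base64 of a 32-byte SHA-256 digest; the function names and both sample fingerprints are constructed for the example.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample values: unpadded base64 of a 32-byte digest (43 chars).
   SEEN differs from PINNED only in the case of the third character, so it
   encodes a different digest. */
static const char PINNED[] = "47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU";
static const char SEEN[]   = "47dEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU";

/* Stand-in for the comparison the report describes: case is ignored. */
static int fp_match_caseless(const char *pinned, const char *seen)
{
  for(; *pinned && *seen; pinned++, seen++)
    if(tolower((unsigned char)*pinned) != tolower((unsigned char)*seen))
      return 0;
  return *pinned == *seen; /* both strings must end together */
}

/* Base64 is case-sensitive, so the fingerprint must match byte for byte. */
static int fp_match_exact(const char *pinned, const char *seen)
{
  return strcmp(pinned, seen) == 0;
}

/* log2 of the number of distinct digests the caseless check accepts.
   Every letter among the first 42 characters can flip case independently.
   The 43rd character carries only 4 digest bits; its other-case form is
   never produced by an encoder, so it adds no extra accepted digest. */
static int caseless_slack_bits(const char *pinned)
{
  int bits = 0;
  for(size_t i = 0; i < 42 && pinned[i]; i++)
    if(isalpha((unsigned char)pinned[i]))
      bits++;
  return bits;
}

int main(void)
{
  int slack = caseless_slack_bits(PINNED);
  printf("caseless accepts other digest: %d\n", fp_match_caseless(PINNED, SEEN));
  printf("exact accepts other digest:    %d\n", fp_match_exact(PINNED, SEEN));
  printf("accepted digests: 2^%d, match strength ~2^%d instead of 2^256\n",
         slack, 256 - slack);
  return 0;
}
```

For the MD5 option the fingerprint is hex, where upper and lower case encode the same nibble, so the same caseless check accepts exactly one digest there.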
## Impact
Host identity spoofing
Report Stats
- Report ID: 1549435
- State: Closed
- Substate: not-applicable
- Upvotes: 2