Implement SSH Keep-alive support

- Add keep_alive_interval and keep_alive_max_count to SshSecurityConfig
- Enterprise default: 15s interval, 3 max failures
- Development default: 30s interval, 5 max failures
- Track last_activity timestamp in service loop
- Send keepalive@openssh.com channel request when idle
- Disconnect after max keepalive failures
- Add build_keepalive_request() and get_first_session_channel()
- Prevents connection timeout on idle SSH sessions

All 229 tests pass.

markbase-core/src/ssh_server/channel.rs

@@ -1359,6 +1359,35 @@ impl ChannelManager {
         false
     }
 
+    /// Keep-alive: Get first session channel for keepalive request
+    pub fn get_first_session_channel(&self) -> Option<u32> {
+        for (&id, channel) in &self.channels {
+            if channel.channel_type == "session" {
+                return Some(id);
+            }
+        }
+        None
+    }
+
+    /// Keep-alive: Build keepalive@openssh.com channel request
+    pub fn build_keepalive_request(&self, channel_id: u32) -> Result<SshPacket> {
+        let mut payload = Vec::new();
+        use byteorder::{BigEndian, WriteBytesExt};
+
+        payload.write_u8(PacketType::SSH_MSG_CHANNEL_REQUEST as u8)?;
+        payload.write_u32::<BigEndian>(channel_id)?;
+        
+        // Request type: keepalive@openssh.com (SSH string)
+        let keepalive_type = "keepalive@openssh.com";
+        payload.write_u32::<BigEndian>(keepalive_type.len() as u32)?;
+        payload.write_all(keepalive_type.as_bytes())?;
+        
+        // want_reply = true
+        payload.write_u8(1)?;
+
+        Ok(SshPacket::new(payload))
+    }
+
     /// Phase 17: 关闭所有子进程stdin（收到CHANNEL_EOF时调用）
     /// SCP upload需要：scp -t 等待EOF on stdin才知道数据传输完毕
     pub fn close_child_stdin(&mut self) {