See PHI358. The bin/almanac [un]trust-key workflows don't properly purge the SSH key cache, but should.

• Added key ssh-rsa xyz to a device.
• Used bin/ssh-auth | grep xyz to test for the presence of the key.
• Before patch: Saw it not present, trusted it, saw it still not present.
• After patch: Saw it not present, trusted it, saw it now present. Untrusted it, saw it no longer present.