V9.14.022.2026.06.11: enforce secret and cleanup safeguards

lib/lib_hardening_ultra.sh

@@ -182,6 +182,8 @@ hardening_ultra() {
   printf "\e[95m🧪 Updating SSH Keys, Ports ... \e[0m\n"
 
   ### ./config/includes.chroot/root/.ssh ---------------------------------------------------------------------------------------
+  validate_secret_absolute_directory "${VAR_SSHPUBKEY}" "SSH public-key directory" || return "${ERR_SECRET_PATH}"
+  validate_secret_file "${VAR_SSHPUBKEY}/authorized_keys" "SSH authorized_keys file" || return "${ERR_SECRET_PATH}"
   install -d -m 0700 "${VAR_HANDLER_BUILD_DIR}/config/includes.chroot/root/.ssh"
   install -m 0600 -o root -g root "${VAR_SSHPUBKEY}/authorized_keys" "${VAR_HANDLER_BUILD_DIR}/config/includes.chroot/root/.ssh/"