Support for user-level authorized key management
Currently, each user identity is mapped to exactly one SSH public key, chosen at registration (on-boarding) time. Users should be allowed to have an arbitrary (though not unlimited) number of identity keys for login purposes, e.g. a software ed25519 key (current recommendation) and also one or more hardware-backed RSA tokens on something like a YubiKey.
Similar to how users can issue invitation codes (provided they have invitations available), users should be able to issue special-purpose codes that are accepted by the on-boarding flow, and to remove keys associated with their account (other than the one currently used for connecting) via the UI. This mechanism could also be used for an email-based account recovery workflow in the future.
The validity period of these codes should be shorter than the 72 hours used for invitations. Perhaps 1 hour.
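A sketch of the rules proposed above, as an added example and not the project's own code: single-use enrollment codes with a 1 hour lifetime, a bounded key count, and refusal to remove the key used for the current session. The KeyStore class, its method names, the MAX_KEYS value, storing codes as hashes and the one-key-per-account check are assumptions made for illustration.

```python
import hashlib
import secrets
import time

ENROLL_TTL = 3600   # 1 hour, as proposed above (invitations use 72 hours)
MAX_KEYS = 5        # assumed cap; the proposal only says "not unlimited"

class KeyStore:
    def __init__(self):
        self.keys = {}    # user -> set of public key fingerprints
        self.codes = {}   # sha256(code) -> (user, expiry timestamp)

    def issue_code(self, user, now=None):
        now = time.time() if now is None else now
        code = secrets.token_urlsafe(16)
        # Store only a hash so a leaked code table yields no usable codes.
        self.codes[self._digest(code)] = (user, now + ENROLL_TTL)
        return code

    def redeem(self, code, fingerprint, now=None):
        now = time.time() if now is None else now
        # pop() makes the code single-use even if a later check fails.
        entry = self.codes.pop(self._digest(code), None)
        if entry is None:
            return "unknown-code"
        user, expiry = entry
        if now > expiry:
            return "expired"
        owned = self.keys.setdefault(user, set())
        # Assumption: login identifies the account by key, so a key
        # may be attached to one account only.
        if any(fingerprint in ks for ks in self.keys.values()):
            return "key-in-use"
        if len(owned) >= MAX_KEYS:
            return "too-many-keys"
        owned.add(fingerprint)
        return "ok"

    def remove(self, user, fingerprint, session_fingerprint):
        if fingerprint == session_fingerprint:
            return "is-session-key"   # never drop the key used to connect
        if fingerprint not in self.keys.get(user, set()):
            return "not-found"
        self.keys[user].remove(fingerprint)
        return "ok"

    @staticmethod
    def _digest(code):
        return hashlib.sha256(code.encode()).hexdigest()
```

Consuming the code before the other checks means a failed redemption also burns it, so the user has to issue a fresh one; that trades some convenience for a simpler replay guarantee.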