nixos/common: modernize KexAlgorithms selection

sshd determines order of preference from the list of acceptable algos in
KexAlgorithms by the order of the items, so sort by security properties
or as per upstream openSSH ordering

Add new post-quantum secure algorithms

Author: LucasFA

nixos/common/openssh.nix

@@ -11,11 +11,13 @@
 
     # Use key exchange algorithms recommended by `nixpkgs#ssh-audit`
     settings.KexAlgorithms = [
+      "mlkem768x25519-sha256"
+      "sntrup761x25519-sha512"
+      "sntrup761x25519-sha512@openssh.com"
       "curve25519-sha256"
       "curve25519-sha256@libssh.org"
       "diffie-hellman-group16-sha512"
       "diffie-hellman-group18-sha512"
-      "sntrup761x25519-sha512@openssh.com"
     ];
     # Only allow system-level authorized_keys to avoid injections.
     # We currently don't enable this when git-based software that relies on this is enabled.