Tweak some of the new OpenSSH per-source penalty settings on Debian
13. For now only adjusting the source network masks and reusing the
list of IPs to exempt from fail2ban.
These being built in makes them easier to use, but I think I will
end up sticking with fail2ban for the heavy lifting because it per-
sists across restarts of the daemon, whereas OpenSSH's doesn't. I
will monitor OpenSSH on Debian 13 to see how to best use it along
side fail2ban.
We can re-use our fail2ban ignoreip setting for Debian 13's OpenSSH
PerSourcePenaltyExemptList, but OpenSSH is more strict with regards
to masks not being applied to the host portion. I had never noticed
that fail2ban's default was applying the mask on the host portion!
