Use only post-quantum resistant algorithms

modules/sshd.nix

@@ -13,11 +13,8 @@
       ];
       # Use key exchange algorithms recommended by `nixpkgs#ssh-audit`
       KexAlgorithms = [
-        "curve25519-sha256"
-        "curve25519-sha256@libssh.org"
-        "diffie-hellman-group16-sha512"
-        "diffie-hellman-group18-sha512"
         "sntrup761x25519-sha512@openssh.com"
+        "mlkem768x25519-sha256"
       ];
       PasswordAuthentication = false;
       StreamLocalBindUnlink = true; # unbind gnupg sockets if they exists