Improve security and handling around BORG_AUTHORIZED_KEYS

Adds `restrict` to lock down all extra features on connections.
This is what was recommended by borg's documentation.

Ignores empty lines, space/tab filled lines and comment lines.
This makes me less guilty for adding documentation.

entrypoint.sh

@@ -35,7 +35,7 @@ fi
 
 # if BORG_AUTHORIZED_KEYS is set substitute authorized_keys file
 if [ -n "${BORG_AUTHORIZED_KEYS+x}" ]; then
-    echo -e "${BORG_AUTHORIZED_KEYS}" | sed  -e "s/^/command=\"borg serve ${BORG_SERVE_ADDITIONAL_ARGS} --restrict-to-path \/home\/borg\/backups\" /"  >/home/borg/.ssh/authorized_keys
+    echo -e "${BORG_AUTHORIZED_KEYS}" | sed -re "/^\\s*(\$|#)/! s/^/restrict,command=\"borg serve ${BORG_SERVE_ADDITIONAL_ARGS} --restrict-to-path \/home\/borg\/backups\" /"  >/home/borg/.ssh/authorized_keys
 fi
 chown borg:borg /home/borg/.ssh/authorized_keys
 chmod og-rwx /home/borg/.ssh/authorized_keys