calicojack42
4 hours ago · New Member
SSH Agent should support host-to-key mapping to avoid MaxAuthTries exhaustion
The 1Password SSH agent currently offers all keys in the vault sequentially for every SSH connection, regardless of which key is relevant to the target host.
This triggers an error for a number of hosts:
Too many authentication failures
Servers configured with MaxAuthTries below the number of SSH certs in 1Password run the risk of being unreachable, thanks to the way the agent presents the keys.
Best practice (https://linuxize.com/post/ssh-hardening-best-practices/) suggests 3-4 for the setting, and the man page for sshd indicates that the default is 6 (https://unix.stackexchange.com/questions/418582/in-sshd-config-maxauthtries-limits-the-number-of-auth-failures-per-connection).
To reproduce:
- Have 6+ SSH keys in your 1Password vault
- Connect to a server with MaxAuthTries 3 (or default) configured
- The correct key's position in vault order is greater than the MaxAuthTries setting on the host
- Result: Received disconnect from [host]: Too many authentication failures
Evidence from verbose SSH output:
debug1: Offering public key: GitHub ED25519 ... agent
debug1: Offering public key: GitLab ED25519 ... agent
debug1: Offering public key: K8sFrontEnd ED25519 ... agent
Received disconnect: Too many authentication failures
The correct key (4th in vault) was never reached since MaxAuthTries was set to 3.
Workaround: Save the relevant public key to disk and use IdentitiesOnly yes + IdentityFile in ~/.ssh/config to pin a specific key to a host. This works but defeats much of the convenience of the agent.
Feature request (if the devs are looking here): Allow users to associate a key with one or more hostnames directly in the 1Password vault item or SSH Agent UI. The Bookmarks tab suggests this infrastructure may already be in progress. If bookmarked hosts could drive key selection, that would solve this entirely.
This is a natural extension of what 1Password already does well: matching credentials to their intended destination.
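Added example (not code from the post or from 1Password): a small Python helper that checks whether a key's vault position would exhaust a host's MaxAuthTries and then automates the IdentitiesOnly/IdentityFile workaround. The agent listing, key comments, key blobs and hostname are constructed placeholders; it assumes the `ssh-add -L` output format and that ssh accepts a `.pub` file as IdentityFile to select the matching key held by the agent.

```python
import tempfile
from pathlib import Path

# Constructed stand-in for `ssh-add -L` output, in vault order; blobs are fake.
AGENT_LISTING = """\
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFAKEBLOBGITHUB00000000000000000000000000 GitHub ED25519
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFAKEBLOBGITLAB00000000000000000000000000 GitLab ED25519
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFAKEBLOBK8SFRONT000000000000000000000000 K8sFrontEnd ED25519
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFAKEBLOBBASTION0000000000000000000000000 ProdBastion ED25519
"""

def parse_agent_keys(listing):
    """Return (type, blob, comment) tuples in the order the agent offers them."""
    keys = []
    for line in listing.splitlines():
        parts = line.split(None, 2)
        if len(parts) == 3:  # skip blank or malformed lines
            keys.append(tuple(parts))
    return keys

def key_position(keys, comment):
    """1-based position at which the key with this comment is offered, or None."""
    for pos, (_, _, c) in enumerate(keys, start=1):
        if c == comment:
            return pos
    return None

def would_exhaust(keys, comment, max_auth_tries):
    """True if sshd would disconnect before this key is ever offered."""
    pos = key_position(keys, comment)
    return pos is None or pos > max_auth_tries

def pin_key_for_host(keys, host, comment, ssh_dir=None):
    """Save the public half to disk; return (ssh_config stanza, path to .pub)."""
    matches = [k for k in keys if k[2] == comment]
    if not matches:
        raise ValueError(f"no agent key with comment {comment!r}")
    ktype, blob, _ = matches[0]
    base = Path(ssh_dir) if ssh_dir else Path(tempfile.mkdtemp())
    base.mkdir(parents=True, exist_ok=True)
    pub_path = base / (comment.replace(" ", "_") + ".pub")
    pub_path.write_text(f"{ktype} {blob} {comment}\n")
    # With IdentitiesOnly, ssh uses this public key to pick the matching agent key.
    stanza = f"Host {host}\n    IdentitiesOnly yes\n    IdentityFile {pub_path}\n"
    return stanza, pub_path

if __name__ == "__main__":
    keys = parse_agent_keys(AGENT_LISTING)
    print(pin_key_for_host(keys, "bastion.example.com", "ProdBastion ED25519")[0])
```

Run with `ssh-add -L` output in place of the sample listing and append the printed stanza to ~/.ssh/config.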