Tailscale

SSH rule with autogroup:nonroot exposes unintended user access when dst changes

Severity: warning
Category: security
Updated Feb 2, 2026 (via Exa)

How to detect:

When SSH rules use `autogroup:nonroot` in the `users` field with a `dst` field other than `autogroup:self` (such as ACL tags), anyone permitted by the `src` setting can SSH as any nonroot user on the destination device. This creates broader access than intended.

Recommended action:

When changing SSH rule `dst` from `autogroup:self` to another destination like tags, also replace `autogroup:nonroot` in the `users` field with specific user accounts or SSH principals. Review existing SSH rules to ensure `autogroup:nonroot` is only used with `autogroup:self` destinations.
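The detection and remediation steps above, as an added example that is not Tailscale's own tooling: a small Python checker that walks the `ssh` section of a policy, flags every rule that pairs `autogroup:nonroot` in `users` with a `dst` other than `autogroup:self` (including rules that mix `autogroup:self` with a tag), and rewrites a flagged rule with explicit user accounts. The policy embedded below is constructed for the example and is plain JSON; real tailnet policy files are HuJSON (comments, trailing commas) and would need to be normalized to strict JSON first, which this example assumes has already happened. The tag and group names are placeholders.

```python
"""Flag Tailscale SSH rules where autogroup:nonroot is combined with a dst other than autogroup:self."""
import json

# Constructed sample policy for this example (not a real tailnet's policy).
# Assumption: the HuJSON policy has already been normalized to strict JSON.
SAMPLE_POLICY = r'''
{
  "tagOwners": {"tag:server": ["autogroup:admin"]},
  "ssh": [
    {
      "action": "check",
      "src": ["autogroup:member"],
      "dst": ["autogroup:self"],
      "users": ["autogroup:nonroot", "root"]
    },
    {
      "action": "accept",
      "src": ["group:devs"],
      "dst": ["tag:server"],
      "users": ["autogroup:nonroot"]
    },
    {
      "action": "accept",
      "src": ["group:devs"],
      "dst": ["autogroup:self", "tag:server"],
      "users": ["autogroup:nonroot"]
    },
    {
      "action": "accept",
      "src": ["group:devs"],
      "dst": ["tag:server"],
      "users": ["ubuntu"]
    }
  ]
}
'''

NONROOT = "autogroup:nonroot"
SELF = "autogroup:self"


def load_policy(text):
    """Parse a strict-JSON policy document into a dict."""
    return json.loads(text)


def find_overbroad_ssh_rules(policy):
    """Return one finding per SSH rule that lets autogroup:nonroot reach a non-self destination.

    A rule is flagged when its users include autogroup:nonroot and at least one dst
    entry is something other than autogroup:self (e.g. an ACL tag). The finding lists
    only the offending dst entries so a reviewer sees exactly which targets widen access.
    """
    findings = []
    for index, rule in enumerate(policy.get("ssh", [])):
        users = rule.get("users", [])
        if NONROOT not in users:
            continue
        non_self_dst = [d for d in rule.get("dst", []) if d != SELF]
        if non_self_dst:
            findings.append({
                "rule_index": index,
                "src": list(rule.get("src", [])),
                "dst": non_self_dst,
                "users": list(users),
            })
    return findings


def harden_rule(rule, replacement_users):
    """Return a copy of the rule with autogroup:nonroot replaced by explicit user accounts.

    The original rule is left untouched; other explicitly listed users are kept.
    """
    fixed = dict(rule)
    kept = [u for u in rule.get("users", []) if u != NONROOT]
    fixed["users"] = kept + [u for u in replacement_users if u not in kept]
    return fixed


def main():
    policy = load_policy(SAMPLE_POLICY)
    for finding in find_overbroad_ssh_rules(policy):
        print(f"ssh rule #{finding['rule_index']}: src={finding['src']} "
              f"users={finding['users']} may log in as any nonroot user on dst={finding['dst']}")
        # "ubuntu" is a placeholder for the real service account on the tagged hosts.
        print("  suggested rule:", json.dumps(harden_rule(policy["ssh"][finding["rule_index"]], ["ubuntu"])))


if __name__ == "__main__":
    main()
```

The checker reports rules #1 and #2 of the sample and leaves #0 (self-only) and #3 (explicit user) alone. Running it against an exported policy before and after a `dst` change is a cheap way to make sure the `users` field was updated alongside it.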