agent: Call time.Round(0) to correct .After failure when coming out of S3 suspend

agent.go

@@ -88,7 +88,14 @@ func (t *Traygent) RemoveLocked() {
 	defer t.mu.Unlock()
 
 	for _, k := range t.keys {
-		if k.expire != nil && time.Now().After(*k.expire) {
+		now := time.Now()
+
+		// Without Round(0) when coming out of S3 suspend the After check below fails
+		// https://github.com/golang/go/issues/36141
+		now = now.Round(0)
+		k.expireTime.Round(0)
+
+		if k.expireTime != nil && now.After(*k.expireTime) {
 			t.remove(k.signer.PublicKey(), "expired")
 		}
 	}
@@ -106,7 +113,7 @@ func (t *Traygent) List() ([]*agent.Key, error) {
 	for _, k := range t.keys {
 		pubKeys = append(pubKeys, &agent.Key{
 			Blob:    k.pubKey.Marshal(),
-			Comment: fmt.Sprintf("%s [%s]", k.comment, k.expire.Format(expFormat)),
+			Comment: fmt.Sprintf("%s [%s]", k.comment, k.expireTime.Format(expFormat)),
 			Format:  k.pubKey.Type(),
 		})
 	}

privkey.go

@@ -11,7 +11,7 @@ import (
 type privKey struct {
 	signer      ssh.Signer
 	comment     string
-	expire      *time.Time
+	expireTime  *time.Time
 	lifetime    uint32
 	pubKey      ssh.PublicKey
 	fingerPrint string
@@ -24,7 +24,7 @@ func (p *privKey) String() string {
 		pk.Type(),
 		p.fingerPrint,
 		p.comment,
-		p.expire.Format(expFormat),
+		p.expireTime.Format(expFormat),
 	)
 }
 
@@ -49,7 +49,7 @@ func (p *privKey) setExpire(key agent.AddedKey) {
 	t := time.Now().Add(time.Duration(exp) * time.Second)
 	key.LifetimeSecs = exp
 	p.lifetime = key.LifetimeSecs
-	p.expire = &t
+	p.expireTime = &t
 }
 
 func NewPrivKey(signer ssh.Signer, key agent.AddedKey) privKey {