The file has a header like
	u8[3]: magic = b'WOT'
	u8: version = 0

After the header the entries are laid out as
	u8[32]: salt
	u8[32]: sha256(host concat salt)
	u8[32]: sha256-fingerprint
	u16le: comment-bytes
	utf8[]: comment

If port is not 22, the host is [host]:port. This is in accordance with how
OpenSSH stores it in .ssh/known_hosts. Internationalized domain names are
punycoded and all domain names are converted into lower case. This differs
from OpenSSH, which is not IDN-aware.

Sha256 is used instead of a password hash since we want checking for whether
a host is present to be reasonably fast.

The comment field can have any other valid Unicode, but must not contain
newline characters. An implementation should check for them when displaying
the comment.