runtests: use setfacl on Cygwin/MSYS, if present

To use a native Cygwin tool instead of the Windows `icacls`. It allows
running under Cygwin/MSYS without Windows system folders in the `PATH`.

Also: fix indentation and tidy up syntax of the `icacls` branch.

Note: As of this commit, these `setfacl` and `icacls` calls are not
necessary for a successful CI run. This includes OpenSSH for Windows
tests, that aren't run by default. Keep them anyway, because locally
they may be necessary depending on environment.

Reported-by: Brian Inglis
Fixes #16437
Ref: #16803
Closes #16465

tests/sshserver.pl

@@ -438,12 +438,16 @@ if((! -e pp($hstprvkeyf)) || (! -s pp($hstprvkeyf)) ||
     # Make sure that permissions are restricted so openssh doesn't complain
     system "chmod 600 " . pp($hstprvkeyf);
     system "chmod 600 " . pp($cliprvkeyf);
-    if(pathhelp::os_is_win()) {
-      # https://ss64.com/nt/icacls.html
-      $ENV{'MSYS2_ARG_CONV_EXCL'} = '/reset';
-      system("icacls \"" . pathhelp::sys_native_abs_path(pp($hstprvkeyf)) . "\" /reset");
-      system("icacls \"" . pathhelp::sys_native_abs_path(pp($hstprvkeyf)) . "\" /grant:r \"$username:(R)\"");
-      system("icacls \"" . pathhelp::sys_native_abs_path(pp($hstprvkeyf)) . "\" /inheritance:r");
+    if(($^O eq 'cygwin' || $^O eq 'msys') && -e "/bin/setfacl") {
+        # https://cygwin.com/cygwin-ug-net/setfacl.html
+        system "/bin/setfacl --remove-all " . pp($hstprvkeyf);
+    }
+    elsif(pathhelp::os_is_win()) {
+        # https://ss64.com/nt/icacls.html
+        $ENV{'MSYS2_ARG_CONV_EXCL'} = '/reset';
+        system "icacls \"" . pathhelp::sys_native_abs_path(pp($hstprvkeyf)) . "\" /reset";
+        system "icacls \"" . pathhelp::sys_native_abs_path(pp($hstprvkeyf)) . "\" /grant:r \"$username:(R)\"";
+        system "icacls \"" . pathhelp::sys_native_abs_path(pp($hstprvkeyf)) . "\" /inheritance:r";
     }
     # Save md5 and sha256 hashes of public host key
     open(my $rsakeyfile, "<", pp($hstpubkeyf));