FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

FreeBSD -- ssh-add does not honor per-hop destination constraints

Affected packages
12.4 <= FreeBSD < 12.4_3

Details

VuXML ID e31a8f8e-47bf-11ee-8e38-002590c1f29c
Discovery 2023-06-21
Entry 2023-08-31

Problem Description:

When using ssh-add(1) to add smartcard keys to ssh-agent(1) with per-hop destination constraints, a logic error prevented the constraints from being sent to the agent, so the keys were added to the agent without constraints.

Impact:

Because of the logic error, a malicious server could leverage keys provided by a forwarded agent that would normally not be allowed.
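
To check whether a host falls inside the affected range listed above, the following added example (not part of the advisory or of FreeBSD's tooling) parses a userland version string. It assumes input in the form printed by `freebsd-version -u`, such as `12.4-RELEASE-p2`, and reads the entry's `12.4_3` as patch level p3; `is_affected` is a hypothetical helper name.

```shell
#!/bin/sh
# Added example: is a FreeBSD userland version inside the range this entry
# lists (12.4 <= FreeBSD < 12.4_3)?
# Assumptions: the version string looks like `freebsd-version -u` output
# ("12.4-RELEASE" or "12.4-RELEASE-pN"); VuXML "12.4_3" means patch level p3.

# is_affected VERSION
#   returns 0 if inside the affected range
#   returns 1 if outside it
#   returns 2 if the string is not a RELEASE version (check manually)
is_affected() {
    ver=$1
    case $ver in
        [0-9]*.[0-9]*-RELEASE)         patch=0 ;;            # no -pN suffix: p0
        [0-9]*.[0-9]*-RELEASE-p[0-9]*) patch=${ver##*-p} ;;  # digits after "-p"
        *) return 2 ;;
    esac
    # Reject trailing non-digits such as "p2x".
    case $patch in *[!0-9]*) return 2 ;; esac

    release=${ver%%-*}                 # "12.4" from "12.4-RELEASE-p2"
    [ "$release" = "12.4" ] || return 1
    [ "$patch" -lt 3 ]                 # p0..p2 are affected, p3 and later are not
}

# Report on the local host when run on FreeBSD; a no-op elsewhere.
if command -v freebsd-version >/dev/null 2>&1; then
    v=$(freebsd-version -u)
    rc=0
    is_affected "$v" || rc=$?
    case $rc in
        0) echo "$v: inside the affected range, update to 12.4_3 or later" ;;
        1) echo "$v: outside the range listed in this entry" ;;
        *) echo "$v: not a RELEASE version string, check manually" ;;
    esac
fi
```

The userland version is the relevant one here because ssh-add(1) is a userland program; a host whose kernel alone was updated still reports the old patch level with `-u`.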

References

CVE Name CVE-2023-28531
FreeBSD Advisory SA-23:05.openssh