* if we don't have the keys, we get prompted the first time, which we
  can't automate
* previously, we worked around this by passing
  `StrictHostKeyChecking=no` to `ssh`, but this leaves us open to
  the (small) possibility of a MIM attack on the server's SSH key
* instead, pin the backup server's pub key on prod by loading the
  results of calling `ssh-keyscan -H <backup host ip>` into
  `/root/.ssh/known_hosts` on prod (via `provision.yml`)
* and then remove the call to `StrictHostKeyChecking` in `bin/backup`