Sorry, I'm not sure how does this relate to WinSCP. Can you please elaborate about what you ask for?
However, I cannot find any recomendations for a certificate authority to manage these SSH certificates.
There seem to be numerous options surrounding certificate management for servers and productions environments, e.g. BLESS, CASSH etc.
What would you recommend for managing SSH certificates for developers to access Github?
In an ideal world, this would allow for custom configuration by developer. It would be able to interact with an existing active directory to authenticate users attempting to create certificates and it would be a managed service.