by josegonzalez 4219 days ago
Is there a reason AuthorizedKeysCommand can't suffice in this case?

AuthorizedKeysCommand doesn't scale. Particularly for GitHub and Bitbucket because they would need to return a few million lines.

From the man page:

Specifies a program to be used for lookup of the user's public keys. The program will be invoked with its first argument the name of the user being authorized, and should produce on standard output AuthorizedKeys lines (see AUTHORIZED_KEYS in sshd(8)). By default (or when set to the empty string) there is no AuthorizedKeysCommand run. If the AuthorizedKeysCommand does not successfully authorize the user, authorization falls through to the AuthorizedKeysFile. Note that this option has an effect only with PubkeyAuthentication turned on.

The AuthorizedKeysCommand script is invoked with the user name of the connecting user, which isn't enough to do a database lookup, as, for example, on GitHub all incoming connections are from user git.

The patch basically makes OpenSSH send the incoming user key to the script's stdin, and from the key it's trivial to match it against a user.

Here's a similar patch with the same purpose: https://github.com/norbauer/openssh-for-git
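As an added illustration of the lookup the comment describes (example code, not from the thread or from the linked patch): an AuthorizedKeysCommand that takes the login name as argv[1], reads the offered key from stdin as the patch arranges, resolves it to a user by fingerprint, and prints one restricted authorized_keys line or nothing. The git-serve path, the sample key and the in-memory user table are constructed placeholders standing in for a real database.

```python
#!/usr/bin/env python3
# AuthorizedKeysCommand for a shared "git" login: sshd passes the login name as
# argv[1]; with the patch from the thread the offered public key arrives on stdin.
import base64
import hashlib
import struct
import sys
from typing import Optional

def _ssh_string(b: bytes) -> bytes:
    """SSH wire-format string: 4-byte big-endian length prefix + bytes."""
    return struct.pack(">I", len(b)) + b

def fingerprint(key_line: str) -> str:
    """OpenSSH-style SHA256 fingerprint of the key's base64 blob."""
    key_type, blob_b64 = key_line.split()[:2]
    digest = hashlib.sha256(base64.b64decode(blob_b64, validate=True)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

# Constructed sample key (hypothetical ed25519 public key, not a real one).
SAMPLE_KEY = "ssh-ed25519 " + base64.b64encode(
    _ssh_string(b"ssh-ed25519") + _ssh_string(bytes(range(32)))).decode() + " alice@laptop"

# Stand-in for the database lookup: key fingerprint -> account owner.
USERS_BY_FINGERPRINT = {fingerprint(SAMPLE_KEY): "alice"}

def lookup_user(key_line: str) -> Optional[str]:
    """Resolve the offered key to a user; None for unknown or malformed keys."""
    try:
        return USERS_BY_FINGERPRINT.get(fingerprint(key_line))
    except ValueError:  # too few fields or invalid base64: treat as unknown
        return None

def authorized_line(login: str, key_line: str) -> str:
    """authorized_keys line sshd should accept, or "" to deny."""
    user = lookup_user(key_line)
    if login != "git" or user is None:
        return ""
    key_type, blob_b64 = key_line.split()[:2]
    # Forced command pins the session to a per-user git wrapper (hypothetical
    # path); the other options strip shell, forwarding and tty capabilities.
    opts = (f'command="/usr/local/bin/git-serve {user}",no-port-forwarding,'
            'no-X11-forwarding,no-agent-forwarding,no-pty')
    return f"{opts} {key_type} {blob_b64}"

if __name__ == "__main__":
    print(authorized_line(sys.argv[1] if len(sys.argv) > 1 else "", sys.stdin.readline()))
```

Matching on the fingerprint rather than the raw line makes the lookup independent of the key's comment field and whitespace, and an empty result makes sshd fall through to AuthorizedKeysFile as the man page describes.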