Replace MD5 usage for predicates, DEFAULT_PHASH

[akurtz-penguin]

Feature Request

pyramid.config.predicates uses hashlib.md5

While this MD5 usage isn't security related, MD5 usage is deprecated. It triggers security warnings for scanners, and isn't available in FIPS environment.

Describe the solution you'd like
Use a different algorithm, such as SHA256 or SHA512.

Describe alternatives you've considered

1. Make the algorithm configurable

Additional context
https://bandit.readthedocs.io/en/latest/blacklists/blacklist_calls.html#b303-md5

[mmerickel]

This usage has no bw-compat concerns. I would accept a pr that changed it to something with a focus on speed and reduced collisions. It is not a security-related feature at all so sha256 would work but is likely less performant than some other options that would work here.

[luhn]

Why do we use a hash at all, rather than a full tuple, like we do for discriminators?

[mmerickel]

I don't know why we're using the hash historically. The requirements afaik (off the top of my head) are 1) serializable and 2) comparable for equality. It's used to find duplicate views.

[gubenkoved]

Additionally, since Python 3.9 it should be possible to supply usedforsecurity=False to hashlib hash function constructors to switch to built-in implementation that will be available in FIPS environment as well (see https://docs.python.org/3/library/hashlib.html). This way at least the users of newer Python versions will be able to benefit from it.