In the late analysis stage, go over all collected binaries, and
collect their accompanying .hmac files, if they are available.
These files are required in FIPS-enabled mode on RHEL, where the
HMAC accompanying OpenSSL shared library is used in the library's
self-check.

On FIPS-enabled RHEL systems, `hashlib.md5()` raises exception:
```
ValueError: [digital envelope routines: EVP_DigestInit_ex] disabled
for FIPS
```

So switch to SHA1 instead.

Remove the check for WinSxS `.manifest` files in
`process_collected_binaries` helper, as automatic data vs binary
(re)classification should hopefully ensure that `.manifest` files
never end up in this processing codepath.

Refactor `process_collected_binary` helper, with goal of removing
the recursive call to itself when both strip and upx are enabled.

This makes the processing flow easier to follow, and makes it
easier to add additional steps (for example, code-signing on
Windows), without having to worry about those steps being
performed in intermediate recursive calls.

Automatically disable upx and/or strip if a linux binary has an
accompanying .hmac file, as modification to the binary will
invalidate the HMAC.

If calling `strip` or `upx` in `process_collected_binary` fails
for whatever reason, display a warning and captured stdout/stderr.
The failure is still considered non-fatal (warning instead of an
error), but it should be visible to the user.