
[ENH] allow flexible usage of better hashing algorithm than SHA1 #960

ericzolf opened this issue Dec 22, 2023 · 0 comments

ericzolf commented Dec 22, 2023

Is your feature request related to a problem? Please describe.

SHA1 isn't considered secure anymore and will keep us from getting 100% of the OpenSSF best practices, see #103

Describe the solution you'd like

The hashlib Python library already used by rdiff-backup supports all kinds of algorithms, so it should be comparatively easy to use any kind of algorithm.

Instead of SHA1Digest 9801739daae44ec5293d4e1f53d3f4d2d426d91c, we could have something like: Digest sha1:9801739daae44ec5293d4e1f53d3f4d2d426d91c or:

DigestAlgorithm sha1
Digest 9801739daae44ec5293d4e1f53d3f4d2d426d91c

Where of course sha1 could be replaced by sha256 & Co.

Describe alternatives you've considered

I'm asking myself whether one hash algorithm per repository wouldn't be a better choice; it would possibly make things easier, but then it would make changing the hash algorithm more difficult.

Additional context

  • according to the first few tests, sha256 is more secure and not really slower than sha1, so that it could become the new default
  • we will need a feature to convert old repositories, perhaps even a feature to change from one hashing algorithm to the next
  • and a new option to set the default hashing algorithm will be required
  • update accordingly the OpenSSF entry
@ericzolf ericzolf added enhancement triage new issue needing validation labels Dec 22, 2023
@ericzolf ericzolf removed the triage new issue needing validation label Dec 30, 2023
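As an added illustration of the proposed "Digest algo:hex" syntax (this is example code, not rdiff-backup's own parser or metadata format, and the line formats, the allowed-algorithm set and the sample data are assumptions), a small parser that accepts both the legacy SHA1Digest line and the flexible form, checks the digest length against the named algorithm, and verifies constructed file content with hashlib:

```python
import hashlib
import hmac
import re

# Legacy line as written in the issue, and the proposed flexible line (hypothetical syntax).
LEGACY_RE = re.compile(r"^SHA1Digest ([0-9a-f]{40})$")
FLEXIBLE_RE = re.compile(r"^Digest ([a-z0-9_]+):([0-9a-f]+)$")

# Assumed policy: only algorithms hashlib guarantees, so an unknown or
# misspelled name fails at parse time rather than at verification time.
ALLOWED_ALGORITHMS = {"sha1", "sha256", "sha512"}


def parse_digest_line(line: str) -> tuple[str, str]:
    """Return (algorithm, hex digest) for a legacy or flexible digest line."""
    line = line.strip()
    m = LEGACY_RE.match(line)
    if m:
        return "sha1", m.group(1)  # legacy lines are implicitly sha1
    m = FLEXIBLE_RE.match(line)
    if m:
        algo, hexdigest = m.group(1), m.group(2)
        if algo not in ALLOWED_ALGORITHMS:
            raise ValueError(f"unsupported digest algorithm: {algo}")
        # A digest of the wrong length can never match; reject it early.
        if len(hexdigest) != hashlib.new(algo).digest_size * 2:
            raise ValueError(f"digest length does not match {algo}")
        return algo, hexdigest
    raise ValueError(f"unrecognised digest line: {line!r}")


def compute_digest(data: bytes, algo: str) -> str:
    """Hex digest of data under the named algorithm (whitelisted)."""
    if algo not in ALLOWED_ALGORITHMS:
        raise ValueError(f"unsupported digest algorithm: {algo}")
    return hashlib.new(algo, data).hexdigest()


def format_digest_line(data: bytes, algo: str) -> str:
    """Emit the proposed flexible metadata line for data."""
    return f"Digest {algo}:{compute_digest(data, algo)}"


def verify(data: bytes, line: str) -> bool:
    """True when data matches the digest recorded on a legacy or flexible line."""
    algo, expected = parse_digest_line(line)
    # Constant-time comparison, so a mismatch leaks nothing through timing.
    return hmac.compare_digest(compute_digest(data, algo), expected)
```

Sample input for a quick check: the constructed content b"abc" has sha1 a9993e364706816aba3e25717850c26c9cd0d89d and sha256 ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad, so both a legacy line and a "Digest sha256:" line verify the same bytes.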