switch from sha256 to xxh3

[vito]

The main motivation here is UX (shorter identifiers), not performance, though xxh3 is much faster for this use case so I figured I'd try it out.

$ bass
=> (.foo)


        ██████
      ██████████
      ██████████
    ██  ██████  ██
      ██████████
      ██  ██  ██
    ██          ██
      ██      ██

<thunk huuCt5LNZ50=: (.foo)>
=> (path-name (.foo))
"huuCt5LNZ50="

Note: xxh3 is a non-cryptographic hash function. I don't think we need cryptographic properties given how thunk hashes are used:

• keys in maps for tracking already-loaded Bass modules
• directory names for thunk paths that are passed in to another thunk in args/env/stdin
• stringifying the thunk value in the REPL
• urls in Bass Loop
• showing it in the page/tab title
• the hostname of the thunk's container. sidenote: this is what allows labels to bust caches.
• filenames for cached thunk path exports used for loading Bass source code from a thunk (e.g. git clone of a remote lib)
• filenames for cached thunk path exports used for rendering backtraces
• filenames for tmpdirs created by the buildkit runtime during read/export
• html id= tags in the docs
• the thunk's (path-name) and (path-stem)

Seems worth noting that secret values contained within a thunk do not influence the thunk's hash:

=> (.foo (mask "yo" :hey))


      ██  ██  ██
      ██████████
    ██  ██████  ██
    ██  ██████  ██
      ██████████
        ██  ██
      ████  ████


<thunk 3OTbj4nXlkM=: (.foo)>
=> (.foo (mask "yoo" :hey))


      ██  ██  ██
      ██████████
    ██  ██████  ██
    ██  ██████  ██
      ██████████
        ██  ██
      ████  ████


<thunk 3OTbj4nXlkM=: (.foo)>
=> (json (.foo (mask "yoo" :hey)))
"{\"cmd\":{\"command\":{\"name\":\"foo\"}},\"stdin\":[{\"secret\":{\"name\":\"hey\"}}]}"