Make algorithm default to `hs2019`

[aljones15]

"algorithm" RECOMMENDED. The "algorithm" parameter contains the name of the signature's Algorithm, as registered in the HTTP Signature Algorithms Registry defined by this document. Verifiers MUST determine the signature's Algorithm from the "keyId" parameter rather than from "algorithm". If "algorithm" is provided and differs from or is incompatible with the algorithm or key material identified by "keyId" (for example, "algorithm" has a value of "rsa-sha256" but "keyId" identifies an EdDSA key), then implementations MUST produce an error. Implementers should note that previous versions of this specification determined the signature's Algorithm using the "algorithm" parameter only, and thus could be utilized by attackers to expose security vulnerabilities. The default value for this parameter is "hs2019". https://tools.ietf.org/html/draft-ietf-httpbis-message-signatures-00#section-4.1

Algorithm is not required, but defaults to hs2019

   If the signature's Algorithm name does not start with "rsa",
   "hmac", or "ecdsa", signers SHOULD include "(created)" and
   "(request-target)" in the list.

• [ ] ensure we are adding (created) and (request-target) when algorithm is not one of the above. (I believe we are)

If the signature's Algorithm starts with "rsa", "hmac", or "ecdsa", signers SHOULD include "date" and "(request-target)" in the list.

• [ ] we don't cover this

[aljones15]

NOTE: this appears to be a feature in version 13 of the spec.

[aljones15]

closing this as this version of the spec is no longer relevant.