Do not use sha1

[ehmry]

SHA1 is broken. Many things are broken in Nimble but this is easy to fix.

[xTrayambak]

@Araq What should be done about this?

[Araq]

Use a better checksum algorithm?

[xTrayambak]

Alright, I'll work on that. I'm just scared that this might break stuff downstream. Hopefully, it won't. :P

[xTrayambak]

The biggest problem is migrating pre-existing installed libraries. We'll have to go through everything in the packages directory, scan everything, compute new SHA-2 hashes, move these files to new directories with the updated hash. Or, alternatively, we can let SHA-1 exist as legacy stuff, and add a new pkgs3 directory with new packages that have SHA-2 hashes.