refget: Allow metadata/md5 to be optional

[juliangehring]

This change allows the md5 response in the refget metadata to be optional, in line with trunc512.

It is unfortunately a bit vaguely phrased in the refget specs. While it isn't explicitly stated in the response description that this field can be null, the important bit is:

The supported checksum algorithms are MD5 (a 32 character HEX string) and a SHA-512 based system called TRUNC512 (a 48 character HEX string, see later for details). Servers MUST support sequence retrieval by one or more of these algorithms, and are encouraged to support all to maximize interoperability.

In summary, there is no need for the server to support md5, as long as it supports other options. While unlikely to see this often in the wild, I would suggest staying on the safe side and don't assume that md5 must be set.

See also the discussion in https://github.com/samtools/hts-specs/pull/479.

[juliangehring]

Closing this since md5 seems mandatory after all:

Refget implementations MUST support the MD5 identifier space and SHOULD support TRUNC512.