Use collision-detecting SHA1 alg

[magik6k]

It's possible to detect cryptanalytic collision attacks on SHA1, there is a lib in C which implements SHA1 with this 'extension' - https://github.com/cr-marcstevens/sha1collisiondetection, we should consider using that here.

[aschmahmann]

I felt inspire to poke at this recently and it seemed easy enough aschmahmann/go-sha1collisiondetection#1.

However, I can't see how I would register this in go-multihash since the registry takes a hash.Hash (https://pkg.go.dev/hash#Hash) which inconveniently has no way of returning an error when calling sum. Is it worth introducing any breaking changes here? cc @Stebalien @warpfork @magik6k

Perhaps this is the only hash function that can result in an error, but I could see other scenarios such as hash functions that only work for data of a particular format that's not fixable by just padding zeros.

---

Note: there's also a difference between Sum and Finalize in the underlying C library in that the C library modifies the internal state and doesn't append bytes to the end of a slice, but those are very fixable.

[Stebalien]

Fallible hashers are... annoying. The rust API doesn't make any room for them either.

One solution would be to change the hash digest. E.g., if we run into a "broken" hash, we take the first 128 bits of a sha256 hash instead.

Also note: we probably don't want to require cgo for this library, if at all possible.