[1.0 breaking change] - consolidate checksum options

[dralley]

Remove externally (cli)-facing support for checksum types weaker than sha256. Probably we should continue being able to republish such repos, and thus shouldn't entirely remove support? At least from the Python API, we will still need to parse such repos, as users will be managing EL6 and EL7 repos (of which some use sha1 checksums) for a long time to come. Maybe md5 could be permanently ditched, though.

Even more aggressive suggestion - is there a strong need for --repomd-checksum to exist? It appears the original justification was "because Spacewalk allows it", but as a developer on the successor to Spacewalk, we don't have this requirement nor do I really see the purpose.

I would be OK with its removal.