sosy-lab/sv-witnesses

Clarify in the documentation if `programhash` is allowed to be SHA-1

RyanGlScott opened this issue · 3 comments

Currently, the README states that the programhash must be a SHA-256 hash:

Valid values: SHA-256 hash
programhash is used to record the SHA-256 hash value of the verified program, for example, e2d5365a863c1c57fbe2870942676040efc3aea2d9bb085092800d6e256daf06.

In practice, however, the witness linter will accept both SHA-1 and SHA-256 hashes:

```python
if (
    self.program_info is not None
    and data.text.lower() != self.program_info.get("sha256_hash")
    and data.text.lower() != self.program_info.get("sha1_hash")
):
    logging.warning(
        "Programhash does not match the hash specified in the witness",
        data.sourceline,
    )
```

Is it permissible for the programhash to be a SHA-1 one? I ask since witness validators like fshell-witness2test will produce a warning if the programhash does not match the SHA-1 (and only the SHA-1) hash of the file (see these lines). If SHA-1 hashes are permitted, the documentation should be clarified.

@tautschnig We wanted to move to SHA-256 completely. Are you willing to update fshell-witness2test to accept SHA-256 hashes for programhash?

@SvenUmbricht Could you please remove SHA-1 from the linter?

SHA-1 hashes no longer pass the linter check.

The new linter is now also used in the competition, and nobody complained, so I guess this issue can be closed. Please reopen if you think there is still something that needs to be discussed.
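
A SHA-256-only `programhash` check of the kind this thread settles on, as an added example; it is not code from the thread or from the sv-witnesses linter. The function names, status strings, sample program and sample witness are constructed for illustration, and the witness is assumed to carry the hash in a GraphML `data` element with `key="programhash"`.

```python
import hashlib
import re
import xml.etree.ElementTree as ET

GRAPHML_NS = "{http://graphml.graphdrawing.org/xmlns}"

# Constructed sample inputs (not taken from the issue).
PROGRAM = b"int main(void) { return 0; }\n"
WITNESS_TEMPLATE = (
    '<graphml xmlns="http://graphml.graphdrawing.org/xmlns">'
    '<graph edgedefault="directed">'
    '<data key="programhash">{}</data>'
    "</graph></graphml>"
)


def read_programhash(witness_xml):
    """Return the text of the first programhash data element, or None."""
    root = ET.fromstring(witness_xml)
    for data in root.iter(GRAPHML_NS + "data"):
        if data.get("key") == "programhash":
            return (data.text or "").strip()
    return None


def check_programhash(witness_xml, program_bytes):
    """Classify the witness's programhash against the program, SHA-256 only."""
    value = read_programhash(witness_xml)
    if value is None:
        return "missing"
    value = value.lower()  # the linter snippet also compares lowercased text
    if re.fullmatch(r"[0-9a-f]{64}", value):
        expected = hashlib.sha256(program_bytes).hexdigest()
        return "ok" if value == expected else "mismatch"
    if re.fullmatch(r"[0-9a-f]{40}", value):
        # SHA-1 length: rejected even when it matches the program's SHA-1.
        return "sha1-rejected"
    return "malformed"


if __name__ == "__main__":
    for digest in (hashlib.sha256(PROGRAM).hexdigest(),
                   hashlib.sha1(PROGRAM).hexdigest()):
        print(check_programhash(WITNESS_TEMPLATE.format(digest), PROGRAM))
```

Reporting a 40-hex-digit value separately from a plain mismatch tells the witness producer that the tool still emits SHA-1, rather than suggesting the witness belongs to a different program.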