remove sha1 from list of hashes allowed in IPFS

[gammazero]

Closes kubo issue ipfs/kubo#8703

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 60.50%. Comparing base (30868de) to head (3017543).
⚠️ Report is 22 commits behind head on main.

@@            Coverage Diff             @@
##             main    #1013      +/-   ##
==========================================
+ Coverage   60.47%   60.50%   +0.02%     
==========================================
  Files         267      267              
  Lines       33276    33277       +1     
==========================================
+ Hits        20124    20133       +9     
+ Misses      11485    11479       -6     
+ Partials     1667     1665       -2     

Files with missing lines	Coverage Δ
verifcid/allowlist.go	68.00% <100.00%> (+1.33%)	⬆️

... and 9 files with indirect coverage changes

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

[gammazero]

Still needed for git compatibility.

• Blocked until git 3 is released

[lidel]

SHA1 creates interesting question: what do we do with hash functions which are no longer considered secure, but there are DAGs created with it. i imagine we want to retain ability to read historical DAGS, but not create new ones?

It feels what we want here, is to have separate allowlist for reading (and sha1 would be allowed, due to historical use in Git DAGs), and separate for writing (we would refuse to create new dags with sha1).

right now boxo/verifcid has allowlist.IsAllowed which covers both.

does it make sense to add IsWriteAllowed and IsReadAllowed and switch to them in code so we allow reads of Sha1 but refuse writes? (keeping IsAllowed=IsWriteAllowed && IsReadAllowed for backward compatibility).