@pitbulk I just wanted to follow up on #269; using a hashing algorithm that's been broken in an authentication library isn't a reasonable default, even for backwards-compatibility. The right thing to do is to do a release that changes the default (and document that the SHA-1 algorithms are deprecated).
To add a bit more information here, what should be changed is not only the default setting that python-saml and python3-saml use for generating signatures, but also the logic for validating signatures on SAMLResponses/LogoutRequests received, which currently accepts these rsa-sha1 signatures. Arguably, there should at least be a setting to reject these signatures (and I think ideally it would be on by default because as mentioned above, backward compatibility doesn't seem like a stronger reason than the insecurity of the algorithm).
Ok, I will implement this change in the next release of python-saml / python3-saml and in the rest of the toolkits.
I will also implement "reject unsecure algorithms", enabled by default.
See https://duo.com/decipher/sha-1-fully-and-practically-broken-by-new-collision and https://duo.com/decipher/openssh-will-deprecate-sha-1 for background -- SHA-1 is deprecated and should not be used.
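The validation-side check discussed in this thread, sketched as an added example (not code from python-saml or python3-saml): it reads the algorithms a received message declares and refuses SHA-1 based ones before any signature verification runs. The `reject_deprecated` parameter, the function names and the sample response are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET
from urllib.parse import parse_qs, urlsplit

DS = "{http://www.w3.org/2000/09/xmldsig#}"
RSA_SHA1 = "http://www.w3.org/2000/09/xmldsig#rsa-sha1"
RSA_SHA256 = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"
SHA1 = "http://www.w3.org/2000/09/xmldsig#sha1"
SHA256 = "http://www.w3.org/2001/04/xmlenc#sha256"
# XML-DSig signature and digest algorithm URIs that are built on SHA-1.
DEPRECATED = {RSA_SHA1, SHA1,
              "http://www.w3.org/2000/09/xmldsig#dsa-sha1",
              "http://www.w3.org/2000/09/xmldsig#hmac-sha1",
              "http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha1"}

def declared_deprecated(xml_text):
    """List SHA-1 based algorithms declared by ds:Signature elements."""
    # Assumption: input is size-limited; real code should parse untrusted
    # XML with a hardened parser rather than plain ElementTree.
    root = ET.fromstring(xml_text)
    found = []
    for tag in ("SignatureMethod", "DigestMethod"):
        for node in root.iter(DS + tag):
            if node.get("Algorithm") in DEPRECATED:
                found.append(node.get("Algorithm"))
    return found

def redirect_deprecated(url):
    """HTTP-Redirect binding: the algorithm is the SigAlg query parameter."""
    sig_algs = parse_qs(urlsplit(url).query).get("SigAlg", [])
    return [alg for alg in sig_algs if alg in DEPRECATED]

def check_message(xml_text, reject_deprecated=True):
    """Raise on SHA-1 algorithms unless the (hypothetical) setting is off."""
    found = declared_deprecated(xml_text)
    if found and reject_deprecated:
        raise ValueError("deprecated algorithm: " + ", ".join(found))
    return found

def sample_response(sig_alg, digest_alg):
    """Constructed, unsigned skeleton of a SAMLResponse signature block."""
    return (
        '<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
        'xmlns:ds="http://www.w3.org/2000/09/xmldsig#">'
        '<ds:Signature><ds:SignedInfo>'
        f'<ds:SignatureMethod Algorithm="{sig_alg}"/>'
        '<ds:Reference URI="#_constructed">'
        f'<ds:DigestMethod Algorithm="{digest_alg}"/>'
        '</ds:Reference></ds:SignedInfo></ds:Signature></samlp:Response>'
    )
```

This check only filters on the declared algorithm; the signature still has to be verified against the trusted IdP certificate afterwards.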