Use a single hash function

[mnm678]

dstufft:

It feels to me like using both sha256 and sha512 here is needless extra cost. We don't know what kinds of attacks are going to be available in the future and which hash functions they're going to affect. I think It would be a better overall idea to have a single hashed location, plus the unhashed location.

[lukpueh]

I think @dstufft makes a good point here. Shall we remove sha256 and focus on a solid migration plan (in #68)? As recent discussions have shown we will need this for other things too.

Note that if we choose to use one hash algo only, we must not forget to update the metadata scalability numbers.

[joshuagl]

Agreed. The use of two hashing algorithms was confusing to me on first reading the PEP. The logic is sound, yet from an implementation simplicity and operation overhead perspective I think a solid migration plan (#68) and choosing a single "best" algorithm for the initial implementation makes more sense.

[trishankatdatadog]

I don't have strong feelings here, except that we will need a solid migration plan (#68), and that {SHA2-256, SHA3-256} >> {SHA2-256, SHA2-512}

[lukpueh]

Fixed with #71