Reimplementing the hashing algorithm in JavaScript (see Hashcash.sha1) renders this library vulnerable to one specific attack: An attacker could fork this library and use a faster implementation of SHA1 and address all users of active_hashcash.
I'd like to suggest that we replace the custom SHA1 implementation with the one from the Web Crypto API. I suspect this is rather easy and would give 10-20 times more protection according to your note in the README.
The hashing function to be used would probably be the one with the most widely accessible on-chip support and equal performance distribution.
If you want to dig deep, have a look at the testing distributions of SHA512. On that site I also found it very interesting to look at what hash functions even exist.
Absolutely, improving the speed of SHA1 is critical.
I also thought the Crypto API should be faster than a custom SHA1, but that wasn't the case. That is why I switched here 2df3ba5. But I probably misused the Crypto API.
I also have the idea to compile the SHA1 in wasm. If you have any experience in one of those, that would be greatly appreciated!
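An added example (not code from active_hashcash or from either commenter): minting and checking a hashcash-style stamp with the Web Crypto API's `crypto.subtle.digest`, the replacement discussed above. The stamp layout, the `mint`/`verify`/`leadingZeroBits` names, and the sample date, random field and resource are assumptions; note that `digest` is asynchronous, so every attempt pays a promise round-trip that a synchronous hash loop does not.

```javascript
// Added example: hashcash-style mint/verify on top of Web Crypto SHA-1.
// Assumed stamp layout (classic hashcash v1): 1:bits:date:resource:ext:rand:counter
// Browsers and recent Node expose globalThis.crypto; older Node needs the fallback.
const subtle = globalThis.crypto?.subtle ?? require('node:crypto').webcrypto.subtle;
const encoder = new TextEncoder();

// Count the leading zero bits of a digest given as a Uint8Array.
function leadingZeroBits(bytes) {
  let bits = 0;
  for (const byte of bytes) {
    if (byte === 0) { bits += 8; continue; }
    return bits + Math.clz32(byte) - 24; // clz32 counts over 32 bits; a byte uses the low 8
  }
  return bits;
}

async function sha1(text) {
  return new Uint8Array(await subtle.digest('SHA-1', encoder.encode(text)));
}

// Client side: try counters until SHA-1(stamp) has at least `bits` leading zero bits.
// `date` and `rand` defaults are constructed sample values; `resource` must not contain ':'.
async function mint(resource, bits, date = '240101', rand = 'c29tZXJhbmQ') {
  const prefix = `1:${bits}:${date}:${resource}::${rand}:`;
  for (let counter = 0; ; counter++) {
    const stamp = prefix + counter.toString(36);
    if (leadingZeroBits(await sha1(stamp)) >= bits) return stamp;
  }
}

// Server side: a single hash, plus policy checks on the claimed difficulty and resource.
async function verify(stamp, resource, minBits) {
  const fields = stamp.split(':');
  if (fields.length !== 7 || fields[0] !== '1') return false;
  const claimed = Number(fields[1]);
  if (!Number.isInteger(claimed) || claimed < minBits) return false;
  if (fields[3] !== resource) return false;
  return leadingZeroBits(await sha1(stamp)) >= claimed;
}
```

Timing `mint` at a fixed difficulty against a synchronous implementation shows how much of the cost is per-call overhead rather than hashing.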