DfFIPS (Designed for FIPS) updates

[rhdedgar]

Some cryptographic algorithms that are not FIPS-validated are currently used for different purposes in the llama-stack repo. These must be replaced so that llama-stack is considered to be "Designed for FIPS".

Examples:

• https://github.com/llamastack/llama-stack/blob/main/llama_stack/cli/verify_download.py#L55 MD% is used in the calculate_md5 function. It's using the parameter usedforsecurity=False despite being a security-sensitive operation.
• https://github.com/llamastack/llama-stack/blob/main/llama_stack/providers/utils/vector_io/vector_utils.py#L22 MD5 i used for UUID generation.
• https://github.com/llamastack/llama-stack/blob/main/llama_stack/testing/inference_recorder.py#L210 SHA-1 is used in _extract_model_identifiers for another identifier generation purpose.

Proposal:

• Switch algorithms from SHA-1 and MD5 to SHA-256 (or greater).

There are differences in hash output when switching from MD5 to SHA-256. The hash length would increase from 32 to 64 characters. Would this pose an issue for any current use cases? e.g. It's possible some users have strict database schemas with a hard limit of 32 characters for fields in this column

For security sensitive operations like file checksum creation, I would recommend the full SHA-256 hash be used for validation. For other functions like _extract_model_identifiers() that currently only use 8 characters of the hash for testing purposes, we may opt to use the same truncated string, or choose another way to generate this identifier.

I'll bring this topic up at the community meeting, and open a PR soon after if there are no issues with this approach.

[rhdedgar]

Converted to this issue: #3424
And then implemented in this PR: #3423