Lookaside: Move away from md5

[Mathieu Bridon]

We should move to something more secure than md5 for the uploaded sources.

This patch series implements the server-side part of this change, adding
support for sha512, but keeping support for md5 as a fallback for now.

We might want to drop the md5 fallback once we have migrated completely, that
is when fedpkg has been updated too.

The last patch is unrelated, but it's a fix for a problem I found while
testing this change.

https://fedorahosted.org/rel-eng/ticket/5846