Image table's img_sha1 file is used to look for duplicate files at upload time. While known SHA-1 attacks can't be used to create a duplicate of an existing file, they can be used to create pairs or sets of files which will cause confusion, leading to recommendation to use SHA-256 instead.
- add img_sha256 and related fields
- populate hashes of old entries
- adjust suitable internal and external APIs to take SHA-256 hashes as well as SHA-1 hashes