(#13435) Change default signing digest algorithm
Change the default digest algorithm away from MD5
This commit is one step along the way to FIPS 140-2 compliance (#8120).
In a FIPS 140-2 environment, MD5 is not available. Older versions of
Ruby (1.8.7, 1.9.2) will SIGABRT when trying to use MD5 because they
don't properly check the return code from openssl.
Because the fingerprints between agent and master aren't
machine-verified and puppet cert list --digest <digest> supports any
of the digests, this commit is backwards and forwards compatibile.
Later portions of #8120 will make the default digest algorithm
configurable.