Add ignore_hash option in settings.ini (#684)

* Settings: add an option to skip checksum verification on Updates.xml

This allows aqt to work even when the server download.qt.io is
unreachable.

Signed-off-by: Alberto Mardegan <mardy@users.sourceforge.net>

* Update settings.ini

* Correct option to skip checksum verification

* Rename ignore_hash option to INSECURE_NOT_FOR_PRODUCTION_ignore_hash

* Update doc about INSECURE_NOT_FOR_PRODUCTION_ignore_hash

* Add hash_algorithm option

* Unofficial mirrors might not provide any hash for Updates.xml

* docs: update configuration.rst

express default value of hash_algorithm

Signed-off-by: Hiroshi Miura <miurahr@linux.com>

* fix: hashlib constructor with usedforsecurity=False

- Python 3.9 and later introduce a keyword argument ``usedforsecurity``
- Set to False because we use hash to check file integrity not for password hash.

Signed-off-by: Hiroshi Miura <miurahr@linux.com>

* Attempt to fix parameter type inconsistency in downloadBinaryFile

---------

Signed-off-by: Alberto Mardegan <mardy@users.sourceforge.net>
Signed-off-by: Hiroshi Miura <miurahr@linux.com>
Co-authored-by: Alberto Mardegan <mardy@users.sourceforge.net>
Co-authored-by: Hiroshi Miura <miurahr@linux.com>

aqt/settings.ini

@@ -16,6 +16,8 @@ max_retries_on_connection_error: 5
 retry_backoff: 0.1
 max_retries_on_checksum_error: 5
 max_retries_to_retrieve_hash: 5
+hash_algorithm: sha256
+INSECURE_NOT_FOR_PRODUCTION_ignore_hash: False
 
 [mirrors]
 trusted_mirrors: