Remove SHA1 for support for ssh rsa signing (#31857)

https://github.com/go-fed/httpsig seems to be unmaintained. 

Switch to github.com/42wim/httpsig which has removed deprecated crypto
and default sha256 signing for ssh rsa.

No impact for those that use ed25519 ssh certificates.

This is a breaking change for:
- gitea.com/gitea/tea (go-sdk) - I'll be sending a PR there too
- activitypub using deprecated crypto (is this actually used?)

routers/api/v1/activitypub/reqsignature.go

@@ -17,8 +17,8 @@ import (
 	"code.gitea.io/gitea/modules/setting"
 	gitea_context "code.gitea.io/gitea/services/context"
 
+	"github.com/42wim/httpsig"
 	ap "github.com/go-ap/activitypub"
-	"github.com/go-fed/httpsig"
 )
 
 func getPublicKeyFromResponse(b []byte, keyID *url.URL) (p crypto.PublicKey, err error) {