Use `github.com/opencontainers/go-digest` for checksums

[hiddeco]

At present we are advertising a SHA2 in the Checksum field of an Artifact.

To make this more future proof, and e.g. allow people to switch from SHA2 to BLAKE3. It would be good if we changed the format of this field to match the OCI digest format (thus making it prefixed with the algo, e.g. sha256:<checksum>).

While making this change, it should be taken into account that with this allows for verification using a Verifier. In addition, it should be backwards compatible (probably replacing the backwards compatibility logic for SHA1).