rafiki
Add content-digest verification to httpsig verification.
The content-digest signature component contains a sha-256 hash of the request body. The AS httpsig verifier should verify this hash by hashing the request body and making sure it matches.
https://github.com/interledger/httpbis-digest-headers https://github.com/digitalbazaar/http-digest-header
https://github.com/interledger/httpbis-digest-headers was written specifically for this case. Use it to verify the digest but also ensure the digest header is part of the signed components.
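The two checks requested in this issue, written out as an added example in Node.js; it is not rafiki's code and does not use the API of either library linked above, only Node's built-in `crypto` module. The function names and the sample request are hypothetical, and the example assumes the signature itself is verified separately over the components listed in `Signature-Input`.

```javascript
// Added example: Content-Digest check for an HTTP Message Signatures verifier.
const { createHash, timingSafeEqual } = require('node:crypto')

// Extract the sha-256 value from a Content-Digest header (RFC 9530 form:
// `sha-256=:<base64>:`, possibly listed alongside other algorithms).
function parseSha256Digest(header) {
  for (const member of String(header || '').split(',')) {
    const m = /^\s*sha-256\s*=\s*:([A-Za-z0-9+/]+={0,2}):\s*$/i.exec(member)
    if (m) return Buffer.from(m[1], 'base64')
  }
  return null
}

// Return the covered component names from one Signature-Input member,
// e.g. `sig1=("@method" "content-digest");created=...`.
function coveredComponents(signatureInput) {
  const list = /=\s*\(([^)]*)\)/.exec(String(signatureInput || ''))
  if (!list) return []
  return [...list[1].matchAll(/"([^"]+)"/g)].map((c) => c[1].toLowerCase())
}

// rawBody must be the exact bytes received, not a re-serialized object.
function verifyContentDigest({ headers, rawBody }) {
  if (!coveredComponents(headers['signature-input']).includes('content-digest')) {
    return { ok: false, reason: 'content-digest not covered by signature' }
  }
  const claimed = parseSha256Digest(headers['content-digest'])
  if (!claimed || claimed.length !== 32) {
    return { ok: false, reason: 'missing or malformed sha-256 digest' }
  }
  const actual = createHash('sha256').update(rawBody).digest()
  return timingSafeEqual(claimed, actual)
    ? { ok: true }
    : { ok: false, reason: 'body does not match content-digest' }
}

// Constructed sample request (not taken from rafiki).
const body = Buffer.from('{"access_token":{"access":[]}}')
const digest = createHash('sha256').update(body).digest('base64')
const sample = {
  rawBody: body,
  headers: {
    'content-digest': `sha-256=:${digest}:`,
    'signature-input': 'sig1=("@method" "@target-uri" "content-digest");keyid="k1"'
  }
}
```

Checking the covered components first matters because a digest header that is not signed can be recomputed by anyone who alters the body in transit.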