Ensure FIPS compliance by marking MD5 and SHA-1 as non-security-related

[buugaj]

This update addresses issues with environments that enforce FIPS standards by preventing non-compliant algorithms (like MD5 and SHA-1) from being used in contexts related to security. Since these hashes do not involve sensitive data they should be explicitly marked as not used for security.

The easiest syntax change would be to just add a kwarg to calls.
short_sha = hashlib.sha1(parts.encode('utf-8', usedforsecurity=False))
Unfortunately that's not compatible with Python <3.9.

Alternative solution to this problem could be switching to sha-256 hashes everywhere.
Alternative implementation could be:

def md5_not_usedforsecurity(data):
    try:
        return hashlib.md5(data, usedforsecurity=False).hexdigest()
    except TypeError:
        return hashlib.md5(data).hexdigest()

Context:
python/cpython#53462 (comment)

[buugaj]

Hi @SmileyChris @jrief, without this change easy-thumbnails cannot be used on systems adhering to Federal Information Processing Standards. Please let me know if there are any further changes or actions needed to proceed with this PR.

[buugaj]

Hi @SmileyChris, @jrief
Let me know if we can somehow get some movement on this. Thanks.

[jrief]

Thanks