Task #7960: FIPS and support for ALLOWED_CONTENT_CHECKSUMS
FIPS: downloader needs to notice if expected-digest-algorithm is FORBIDDEN
If a RemoteArtifact has a digest-algorithm specified that is NOT in Artifact.DIGEST_FIELDS, current behavior is to ignore it and just build the rest of the digests. We need instead to notice an empty expected_digests, check for specified-algorithms in Artifact.FORBIDDEN_DIGESTS, and raise an exception when that happens.
See https://hackmd.io/d5y1IaW_QaSJ-DsosMDkjg?view for more discussion.