curl: Refactored metalink_checksum

When creating metalink_checksum from metalink_checksum_t, first
check hex digest is valid for the given hash function.  We do
this check in the order of digest_aliases so that first good
match will be chosen (strongest hash function available).  As a
result, the metalinkfile now only contains at most one
metalink_checksum because other entries are just redundant.