mk-ca-bundle.pl: use SHA256 instead of SHA1

This hash is used to verify the original downloaded certificate bundle
and also included in the generated bundle's comment header. Also
rename related internal symbols to algorithm-agnostic names.