Alignment with Subresource Integrity

[geovanisouza92]

This is a proposal for allowing another separator in checksum: As of Subresource Integrity states:

An integrity value begins with at least one string, with each string including a prefix indicating a particular hash algorithm (currently the allowed prefixes are sha256, sha384, and sha512), followed by a dash, and ending with the actual base64-encoded hash.

I suggest adding a dash as an alternative separator at checksum detection, along side with another checksum option sha384 (go doc).

The case I have in mind is something similar to what was discussed at ry/deno#200, specifically for FaaS context: import modules (maybe using dynamic import()) with canonical URLs that can be checked by the runtime before execution.

[tisba]

I would also really like this change. Would you accept a PR for this?

[mitchellh]

I'm supportive of this if anyone wants to take a stab.

[geovanisouza92]

Apparently, to be fully aligned with Subresource Integrity, the checksum would need to be encoded as base64, instead of hexadecimal, but it doesn't seems to be a requirement for the lib right now, right?