Standardize password hashing and introduce configurable hashing for token revocation

[RinZ27]

Hardcoded MD5 hashing for password comparisons in REVOKE_TOKEN_CLAIM has been replaced with a more flexible mechanism. This update introduces a new setting, CHECK_REVOKE_TOKEN_HASH_ALGORITHM, which defaults to md5 to maintain strict backward compatibility for existing tokens. Users can now choose more modern algorithms like sha256 or sha512 by updating their project settings.

Refactoring the internal hashing utility to support multiple algorithms ensures that authentication and token validation remain robust while providing a clear path for modernization. The change impact is localized to:

• settings.py: Added default hash configuration.
• utils.py: Enhanced hashing utility with support for dynamic algorithms.
• tokens.py, serializers.py, authentication.py: Integrated the configurable hashing logic into core workflows.

Existing tests in tests/test_authentication.py have been updated to reflect these changes, ensuring that the revocation check logic continues to function as expected under the new configurable model. This approach avoids breaking current installations while significantly improving the project's extensibility for different hashing standards.

[vgrozdanic]

MD5 is not hashing actual password here, but hash of the password, it is more used as a hash fingerprint to invalidate the token if the password changes, and for that it's better if the hashing function is as fast as possible.

For this reason, I would rather not accept this change as it makes maintenance harder with no very clear benefit.

@Andrew-Chen-Wang what do you think?

[RinZ27]

@vgrozdanic @Andrew-Chen-Wang completely understand the point about speed; MD5 is definitely efficient for fingerprinting. My primary goal with this change was to address compliance hurdles rather than cryptographic ones. Many security-sensitive environments or FIPS-compliant systems now flag any use of MD5 in a codebase, which often forces users to fork libraries just to swap out a non-critical hash.

Providing this configuration while keeping MD5 as the default allows most users to stay on the fast path. I kept the implementation lightweight to ensure it doesn't add significant maintenance burden while still offering a clean way for enterprise users to meet their audit requirements.