Remove optional SHA-1 in the default TLS configuration.

Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>

ChangeLog.d/remove_allow_sha1_in_certificates

@@ -0,0 +1,15 @@
+Removals
+   * Remove optional SHA-1 in the default TLS configuration for certificate
+     signing. This feature was ment to be available only temporarily.
+     Users are expected to use SHA-2 instead, since SHA-1 is currently
+     considered a security risk.
+     If needed, SHA-1 cerificate can still be used by providing custom
+     verification profile to mbedtls_x509_crt_verify_with_profile function
+     in x509_crt.h, or mbedtls_ssl_conf_cert_profile function in ssl.h.
+     Example of custom verification profile, supporting SHA-1:
+     const mbedtls_x509_crt_profile mbedtls_x509_crt_custom = {
+         MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA1 ),
+         0xFFFFFFF, /* Any PK alg    */
+         0xFFFFFFF, /* Any curve     */
+         2048
+     };