Refactor usage of digests_t, crypto_digest_all, etc.
When we added sha256, we added a type that would contain a sha1 digest and a sha256 digest, and some convenience code to compute both. That's reasonable.
But now we have three digest types supported. Soon (with #17783 (moved)) we might have more.
We should make sure that we don't actually use digests_t and crypto_digests_all any time we are in a critical path, unless we really want to compute all the digests. We might want to consider other APIs here.