Use SHA-2 signature for Tor Browser setup executables
As tjr mentioned in #17870 (moved) we only use SHA-1 when signing our Windows setup executables and should switch to SHA-2 or, better, provide both SHA-1 for older systems and SHA-2 for newer ones. Mozilla tried to deal with it in https://bugzilla.mozilla.org/show_bug.cgi?id=1079858 which might be a good starting point for solving this bug.