Ticket #6187 defect new
Opened 6 months ago
prefer sha256 over md5 for tarball/installer signature file
| Reported by: | teratorn | Owned by: | |
|---|---|---|---|
| Priority: | normal | Milestone: | |
| Component: | release management | Keywords: | |
| Cc: | radix | Branch: | |
| Author: | | Launchpad Bug: | |
Description
The release process describes creating a signed manifest of md5 checksums for the various Twisted tarballs and installers produced during the release process.
I am proposing to use sha256 sums instead.
AFAICT, this involves:
Updating http://twistedmatrix.com/trac/wiki/ReleaseProcess and replacing the line
e.g. md5sum Tw* | gpg -a --clearsign > twisted-$RELEASE-md5sums.txt
with
e.g. sha256sum Tw* | gpg -a --clearsign > twisted-$RELEASE-sha256sums.txt
And upon the next release, update the wording near the bottom of this page, http://twistedmatrix.com/trac/wiki/Downloads to not refer explicitly to md5.
But really this step should be automated, so I'll file a new ticket for that feature. Marking this as a defect, since md5 is known to be defective.
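The downloader's side of the proposed manifest, as an added example that is not part of the ticket or of Twisted's release tooling: it checks files against `sha256sum` lines and refuses md5-length digests. The function names and sample file names are constructed, and it assumes the manifest text was first extracted by a successful `gpg --output manifest.txt --decrypt twisted-$RELEASE-sha256sums.txt`.

```python
import hashlib
import hmac
import re
import tempfile
from pathlib import Path

# One `sha256sum` line: 64 hex digits, a space, ' ' or '*' (text/binary), file name.
LINE = re.compile(r"^([0-9a-f]{64}) [ *](.+)$")

def sha256_file(path, chunk=1 << 20):
    """Hash a file in chunks so large installers need not fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def check_manifest(manifest_text, directory):
    """Return {name: 'ok' | 'mismatch' | 'missing'} per manifest entry.
    manifest_text must be the body gpg emitted after verifying the signature,
    never the raw clearsigned file."""
    results = {}
    for line in manifest_text.splitlines():
        if not line.strip():
            continue
        m = LINE.match(line)
        if m is None:
            # Includes 32-hex md5 lines: refuse rather than fall back to md5.
            raise ValueError(f"not a sha256sum line: {line!r}")
        digest, name = m.groups()
        if Path(name).name != name or name == "..":
            raise ValueError(f"entry escapes the download directory: {name!r}")
        path = Path(directory) / name
        if not path.is_file():
            results[name] = "missing"
        elif hmac.compare_digest(sha256_file(path), digest):
            results[name] = "ok"
        else:
            results[name] = "mismatch"
    return results

def demo():
    """Constructed sample: two fake tarballs, one altered after the manifest was made."""
    with tempfile.TemporaryDirectory() as d:
        for name in ("Twisted-X.tar.bz2", "TwistedCore-X.tar.bz2"):
            (Path(d) / name).write_bytes(name.encode())
        manifest = "".join(f"{sha256_file(p)}  {p.name}\n" for p in sorted(Path(d).iterdir()))
        (Path(d) / "TwistedCore-X.tar.bz2").write_bytes(b"tampered")
        return check_manifest(manifest, d)
```

The checksum comparison only means something if the signature check on the manifest passed against a release key the downloader already trusts.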
Change History
