
feat: add option to allow different algos to sign Cloudfront #3315

Open
guidopili-docebo wants to merge 1 commit into aws:master from guidopili-docebo:master

@guidopili-docebo


Addresses Issue #3116

Summary

CloudFront's Signer, CookieSigner, UrlSigner, and the CloudFrontClient convenience methods previously hardcoded SHA1 as the signing algorithm (the openssl_sign() default). This change adds an optional $algorithm parameter so callers can pass any OpenSSL-supported algorithm, such as SHA256.

Changes

  • Signer — new $algorithm property (fourth constructor parameter, defaults to OPENSSL_ALGO_SHA1). Passed through to openssl_sign().
  • CookieSigner / UrlSigner — new $algorithm constructor parameter threaded to the internal Signer instance.
  • CloudFrontClient — getSignedUrl() and getSignedCookie() read an optional 'algorithm' key from the options array and forward it to the respective signer.
  • SignerTest — new test asserting that OPENSSL_ALGO_SHA256 produces a valid, URL-safe signature that differs from the SHA1 output.

Backward compatibility

Fully backward compatible. All new parameters default to OPENSSL_ALGO_SHA1, which matches the previous implicit behavior.

Usage

// Direct signer
$signer = new Signer($keyPairId, $privateKey, '', OPENSSL_ALGO_SHA256);

// Via CookieSigner / UrlSigner
$signer = new CookieSigner($keyPairId, $privateKey, OPENSSL_ALGO_SHA256);
$signer = new UrlSigner($keyPairId, $privateKey, OPENSSL_ALGO_SHA256);

// Via CloudFrontClient
$client->getSignedUrl([
    'url'         => 'https://d111.cloudfront.net/image.jpg',
    'expires'     => time() + 3600,
    'key_pair_id' => $keyPairId,
    'private_key' => $privateKey,
    'algorithm'   => OPENSSL_ALGO_SHA256,
]);
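
An added example, not code from this pull request or from the SDK: it signs a CloudFront-style canned policy with SHA1 and SHA256 through openssl_sign(), applies CloudFront's URL-safe base64 substitutions, and checks that verification succeeds only with the digest that was used to sign. The function names cfEncode, cfDecode and signPolicy, the throwaway RSA key and the sample policy are assumptions constructed for this illustration; PHP 8 with ext-openssl is assumed.

```php
<?php
// Added illustration; helper names are hypothetical, not aws-sdk-php code.

// CloudFront's URL-safe base64 variant: '+' => '-', '=' => '_', '/' => '~'.
function cfEncode(string $raw): string
{
    return strtr(base64_encode($raw), '+=/', '-_~');
}

function cfDecode(string $encoded): string
{
    return base64_decode(strtr($encoded, '-_~', '+=/'), true);
}

// Sign a policy with the caller-selected digest; throw instead of returning
// an empty signature if OpenSSL refuses (e.g. SHA1 disabled by system policy).
function signPolicy(string $policy, OpenSSLAsymmetricKey $key, int|string $algorithm): string
{
    if (!openssl_sign($policy, $signature, $key, $algorithm)) {
        throw new RuntimeException('openssl_sign failed: ' . openssl_error_string());
    }
    return cfEncode($signature);
}

// Constructed sample input: throwaway 2048-bit RSA key and a canned policy.
$key = openssl_pkey_new(['private_key_bits' => 2048, 'private_key_type' => OPENSSL_KEYTYPE_RSA]);
$public = openssl_pkey_get_details($key)['key'];
$policy = '{"Statement":[{"Resource":"https://d111.cloudfront.net/image.jpg",'
        . '"Condition":{"DateLessThan":{"AWS:EpochTime":' . (time() + 3600) . '}}}]}';

$sha1   = signPolicy($policy, $key, OPENSSL_ALGO_SHA1);
$sha256 = signPolicy($policy, $key, OPENSSL_ALGO_SHA256);

// Both outputs are URL-safe and decode to the RSA modulus size, so the digest
// in use cannot be told from signature length; only the bytes differ.
var_dump(preg_match('/^[A-Za-z0-9_~-]+$/', $sha256) === 1);
var_dump(strlen(cfDecode($sha1)) === strlen(cfDecode($sha256)));
var_dump($sha1 !== $sha256);

// The verifier must use the signer's digest; a mismatched digest is rejected.
$sig = cfDecode($sha256);
var_dump(openssl_verify($policy, $sig, $public, OPENSSL_ALGO_SHA256) === 1);
var_dump(openssl_verify($policy, $sig, $public, OPENSSL_ALGO_SHA1) === 1);
```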
