binaries: use sha256 instead of sha1 for Windows native signing scheme

- our new key now supports both
- note that we don't bother to "dual sign" for both sha1 and sha2, as
  Win7 upwards sha2 is supported (and we already don't support XP, Vista, etc anymore)

contrib/build-wine/sign.sh

@@ -23,6 +23,7 @@ echo "Found $(ls *.exe | wc -w) files to sign."
 for f in $(ls *.exe); do
     echo "Signing $f..."
     osslsigncode sign \
+      -h sha256 \
       -certs "$CERT_FILE" \
       -key "$KEY_FILE" \
       -n "Electrum" \