
Replace Double-SHA256 #1188

Closed
elichai opened this issue Dec 6, 2020 · 0 comments · Fixed by #1245

elichai commented Dec 6, 2020

We currently use bitcoin's double SHA256, but there's no point in doing that.
We have a lot of options to choose from:

  - Single SHA256
  - SHA512-256
  - SHA3-256
  - Blake2b-256
  - Blake2s-256

and more.

Things we should consider:

  1. Interoperability.
  2. CPU performance.
  3. Friendliness to binary/arithmetic circuits and R1CS (STARK/SNARK).

For interoperability, the only modern hash function bitcoin supports is SHA256.
Ethereum supports SHA256 and SHA3-256, and there's a proposal for Blake2b.
ZCash uses Blake2b for most things, but blake2s for some other specific things (not sure why), source

For performance we can see the difference between them in the official Go implementations:

goos: linux
goarch: amd64
pkg: go_bench/go
BenchmarkSha256-16                547833              2188 ns/op               0 B/op          0 allocs/op
BenchmarkDoubleSha256-16          479936              2498 ns/op               0 B/op          0 allocs/op
BenchmarkSha512_256-16            697750              1699 ns/op               0 B/op          0 allocs/op
BenchmarkSha3_256-16              389749              2897 ns/op             960 B/op          4 allocs/op
BenchmarkBlake2b-16              1474974               817 ns/op               0 B/op          0 allocs/op
BenchmarkBlake2s-16              1096104              1099 ns/op               0 B/op          0 allocs/op
PASS

For SNARK/STARK friendliness, it's hard to know and requires more research but after talking with some people it seems that:
For PLONK Blake2s is around ~2.5K gates per round, SHA256 and blake2b is around ~5K per round, and keccak/SHA3 is ~12K per round.

We should also think about whether we care that Schnorr (BIP-340) and ECMH use SHA256 internally.
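As an added example (not code from the issue or the project), the comparison above carried out in Python's hashlib: every candidate is computed over the same input, double-SHA256 is spelled out as SHA256 applied twice, and a rough ns/op timer mirrors the shape of the Go benchmark. hashlib wraps OpenSSL, so the timings are not comparable to the Go numbers quoted above; the sample input is constructed.

```python
import hashlib
import timeit

# Candidate 32-byte hash functions from the discussion. double_sha256 is the
# current bitcoin-style construction the issue proposes replacing.
CANDIDATES = {
    "sha256": lambda data: hashlib.sha256(data).digest(),
    "double_sha256": lambda data: hashlib.sha256(hashlib.sha256(data).digest()).digest(),
    "sha512_256": lambda data: hashlib.new("sha512_256", data).digest(),
    "sha3_256": lambda data: hashlib.sha3_256(data).digest(),
    "blake2b_256": lambda data: hashlib.blake2b(data, digest_size=32).digest(),
    "blake2s_256": lambda data: hashlib.blake2s(data, digest_size=32).digest(),
}


def digests(data: bytes) -> dict:
    """Return {name: hex digest} for every candidate this Python build supports.

    sha512_256 comes from OpenSSL and is missing on some builds; it is skipped
    (hashlib.new raises ValueError) instead of failing the whole comparison.
    """
    out = {}
    for name, fn in CANDIDATES.items():
        try:
            out[name] = fn(data).hex()
        except ValueError:
            continue
    return out


def all_32_bytes(data: bytes) -> bool:
    """A drop-in replacement must keep the 32-byte output size; check every candidate."""
    return all(len(bytes.fromhex(h)) == 32 for h in digests(data).values())


def ns_per_op(data: bytes, iterations: int = 2000) -> dict:
    """Approximate ns/op per candidate on this machine (OpenSSL-backed, not the Go code)."""
    result = {}
    for name in digests(data):
        fn = CANDIDATES[name]
        elapsed = timeit.timeit(lambda: fn(data), number=iterations)
        result[name] = int(elapsed / iterations * 1e9)
    return result


if __name__ == "__main__":
    sample = b"constructed sample message" * 4  # constructed input, not from the issue
    for name, hexdigest in digests(sample).items():
        print(f"{name:14s} {hexdigest}")
    for name, ns in sorted(ns_per_op(sample).items(), key=lambda kv: kv[1]):
        print(f"{name:14s} {ns:6d} ns/op")
```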
