Move to OpenSSL Digest classes

In older Ruby versions, Digest uses legacy OpenSSL APIs to implement the
digest methods. These APIs break in some configurations such as FIPS
mode enforcement. In the latest Ruby, this was removed (see
ruby/ruby#3149), but that means Digest uses the
non OpenSSL implementations. In those same environments that want FIPS
enforcement, that is not desired as all crypto operations should be
using OpenSSL there.

In ruby/openssl#377, it is discussed to replace
the constants when OpenSSL is loaded. But what is a limiting factor
here, is that OpenSSL doesn't have the equivalent of Digest::SHA2 (which
really ends up computing a SHA256 digest).

So this removes the usage of Digest::SHA2 which is harder to wrap and
also recommends to use the OpenSSL digest by default.

lib/i18n/backend/cache.rb

@@ -21,7 +21,7 @@
 # configure your own digest method via which responds to #hexdigest (see
 # http://ruby-doc.org/stdlib/libdoc/digest/rdoc/index.html):
 #
-#   I18n.cache_key_digest = Digest::MD5.new
+#   I18n.cache_key_digest = OpenSSL::Digest::SHA256.new
 #
 # If you use a lambda as a default value in your translation like this:
 #

lib/i18n/backend/cache_file.rb

@@ -1,6 +1,6 @@
 # frozen_string_literal: true
 
-require 'digest/sha2'
+require 'openssl'
 
 module I18n
   module Backend
@@ -19,7 +19,7 @@ def load_file(filename)
         key = I18n::Backend::Flatten.escape_default_separator(normalized_path(filename))
         old_mtime, old_digest = initialized && lookup(:i18n, key, :load_file)
         return if (mtime = File.mtime(filename).to_i) == old_mtime ||
-                  (digest = Digest::SHA2.file(filename).hexdigest) == old_digest
+                  (digest = OpenSSL::Digest::SHA256.file(filename).hexdigest) == old_digest
         super
         store_translations(:i18n, load_file: { key => [mtime, digest] })
       end