Default SDK signatures to sha384

[tim-kos]

Summary

• default Assembly request signing to sha384
• include algorithm prefix in generated signatures (sha384:<digest>)
• add configurable signatureAlgorithm on both Transloadit and TransloaditRequest for legacy sha1 compatibility
• update tests to cover:
  • default sha384 behavior
  • explicit legacy override (sha1)
  • Node CLI parity using sha384
• document the new signatureAlgorithm option in README

Why

api2 issue #5337 tracks SDK support for SHA-384 as auth key defaults move to sha384.

Notes

• Smart CDN signing remains unchanged (sha256) because it is a separate signature mechanism.

[github-actions]

Coverage report for commit: 0173ecb
File: ./build/logs/clover.xml

Summary - Lines: 90.55% | Methods: 65.22%

Files	Lines	Methods	Branches
lib/transloadit
CurlRequest.php	91.67%	66.67%	100.00%
CurlResponse.php	100.00%	100.00%	100.00%
Transloadit.php	86.67%	55.56%	100.00%
TransloaditRequest.php	92.98%	57.14%	100.00%
TransloaditResponse.php	100.00%	100.00%	100.00%

_{🤖 comment via lucassabreu/comment-coverage-clover}

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 1494ff97e0

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

[tim-kos]

@codex review