Make CodeQL happy

Update a couple of hashes from SHA1 to SHA256
These were only used as keys in caches but try explaining
that SHA1 is perfectly safe for this use case to your typical security
person.

src/calibre/srv/books.py

@@ -8,7 +8,7 @@ import os
 import tempfile
 import time
 from functools import partial
-from hashlib import sha1
+from hashlib import sha256
 from threading import Lock, RLock
 
 from calibre.constants import cache_dir, iswindows
@@ -58,7 +58,7 @@ def books_cache_dir():
 
 def book_hash(library_uuid, book_id, fmt, size, mtime):
     raw = json_dumps((library_uuid, book_id, fmt.upper(), size, mtime, RENDER_VERSION))
-    return as_unicode(sha1(raw).hexdigest())
+    return as_unicode(sha256(raw).hexdigest())
 
 
 staging_cleaned = False

src/calibre/srv/code.py

@@ -455,7 +455,7 @@ def tag_browser(ctx, rd):
     opts = categories_settings(rd.query, db, gst_container=tuple)
     vl = rd.query.get('vl') or ''
     etag = json_dumps([db.last_modified().isoformat(), rd.username, library_id, vl, list(opts)])
-    etag = hashlib.sha1(etag).hexdigest()
+    etag = hashlib.sha256(etag).hexdigest()
 
     def generate():
         return json(ctx, rd, tag_browser, categories_as_json(ctx, rd, db, opts, vl))