consensus health says that signatures are sha1, but the microdesc consensus actually uses sha256

I guess this was accidentally hard-coded somewhere?