This commit introduces a dedicated SignatureHashAlgorithmPolicy for certification signatures.
The default configuration will accept SHA-1 on sigs created before 2023-02-01.
BCs PGPPublicKey.getBitStrenght() appears to fail to recognize some elliptic curves.
In such cases, bitStrength is reported as -1.
I added BCUtil.getBitStrength(publicKey) to manually determine the bit strenght by OID.
See https://github.com/bcgit/bc-java/issues/972 for an upstream bug report.