Detect and throw warning for weak crypto hash algorithm

[fraxken]

The goal of this task (issue) is to develop a new feature capable of detecting any usage of weak hash algorithm like md5.

For the sake of simplicity it is sufficient to look for the createHash method.

Example of code that should throw a new warning:

import crypto from "crypto";

crypto.createHash("md5");

We may have to answer few questions for this issue:

• Do we have to handle other API (like the WebCrypto API)? Maybe we can also in some ways deal with popular crypto library ?
• Is there is another algorithms that we are considering "weak" other than md5 ? (i guess sha1 has to be considered weak too).

[tony-go]

I know that I'm a bit too busy atm, but I'd like to work on this one (maybe a live 👀) as I didn't touch to js-x-ray too much since the beginning ^^

[fraxken]

@Mathieuka was also interested by this one (so maybe check with him if he still want to do it).

[Mathieuka]

@fraxken Finally I don't feel strong enough to take this ticket at the moment, I'm going to keep learning about the AST part 💪

@tony-go If you do a live on this ticket that would be great !!

[fraxken]

@all-contributors please add @tony-go for code, doc, test

[allcontributors]

@fraxken

I've put up a pull request to add @tony-go! 🎉