Investigate security findings

[toddbaert]

Scans from a potential adoptor resulted in some findings. We should investigate these:

pkg/sync/http_sync.go
    go.lang.security.audit.crypto.bad_imports.insecure-module-used
       Detected use of an insecure cryptographic hashing method. This method is known to be broken
       and easily compromised. Use SHA256 or SHA3 instead.
       Details: https://sg.run/l2gj
 
        69┆ hasher := sha1.New() //nolint:gosec
         ⋮┆----------------------------------------
    go.lang.security.audit.crypto.use_of_weak_crypto.use-of-sha1
       Detected SHA1 hash algorithm which is considered insecure. SHA1 is not collision resistant
       and is therefore not suitable as a cryptographic signature. Use SHA256 or SHA3 instead.
       Details: https://sg.run/XBYA
 
        69┆ hasher := sha1.New() //nolint:gosec

pkg/sync/kubernetes/kubernetes_sync.go
     trailofbits.go.questionable-assignment.questionable-assignment
        Should `k` be modified when an error could be returned?
        Details: https://sg.run/qq6y
 
        117┆ k.client, err = client.New(clusterConfig, client.Options{Scheme: scheme.Scheme})

[odubajDT]

Hey, I would like to take this issue :)