Updating the Git protocol for SHA-256

Most vulnerabilities in hashes seem to incrementally chip away at the strength. Not be immediate and complete breaks. So having more bits of headroom gives you more time from when the cryptographers start chipping away at the strength to when you have a practical breaks.

I would also expect hash functions with a larger internal state to be more secure even if their output size is the same. Even if the difficulty of finding a collision is similar the collision is less useful if you can't just tack on an arbitary suffix.