move cryptographicallySecure into Backend type

This is groundwork for external backends, but also makes sense to keep
this information with the rest of a Backend's implementation.

Also, removed isVerifiable. I noticed that the same information is
encoded by whether a Backend implements verifyKeyContent or not.

Backend/Hash.hs

@@ -41,6 +41,17 @@ data Hash
 	| Blake2sHash HashSize
 	| Blake2spHash HashSize
 
+cryptographicallySecure :: Hash -> Bool
+cryptographicallySecure (SHA2Hash _) = True
+cryptographicallySecure (SHA3Hash _) = True
+cryptographicallySecure (SkeinHash _) = True
+cryptographicallySecure (Blake2bHash _) = True
+cryptographicallySecure (Blake2bpHash _) = True
+cryptographicallySecure (Blake2sHash _) = True
+cryptographicallySecure (Blake2spHash _) = True
+cryptographicallySecure SHA1Hash = False
+cryptographicallySecure MD5Hash = False
+
 {- Order is slightly significant; want SHA256 first, and more general
  - sizes earlier. -}
 hashes :: [Hash]
@@ -68,6 +79,7 @@ genBackend hash = Backend
 	, canUpgradeKey = Just needsUpgrade
 	, fastMigrate = Just trivialMigrate
 	, isStableKey = const True
+	, isCryptographicallySecure = const (cryptographicallySecure hash)
 	}
 
 genBackendE :: Hash -> Backend

Backend/URL.hs

@@ -28,6 +28,7 @@ backend = Backend
 	-- The content of an url can change at any time, so URL keys are
 	-- not stable.
 	, isStableKey = const False
+	, isCryptographicallySecure = const False
 	}
 
 {- Every unique url has a corresponding key. -}

Backend/WORM.hs

@@ -29,6 +29,7 @@ backend = Backend
 	, canUpgradeKey = Just needsUpgrade
 	, fastMigrate = Just removeProblemChars
 	, isStableKey = const True
+	, isCryptographicallySecure = const False
 	}
 
 {- The key includes the file size, modification time, and the