Data hash verification does not respect assertion's alg field

[cyraxx]

Taken from the spec regarding the alg field in data-hash-map: (emphasis mine)

? "alg":tstr .size (1..max-tstr-length) ; A string identifying the cryptographic hash algorithm used to compute the hash in this assertion, taken from the C2PA hash algorithm identifier list. If this field is absent, the hash algorithm is taken the alg value of the enclosing structure. If both are present, the field in this structure is used. If no value is present in any of these places, this structure is invalid; there is no default.

However, data_hash.verify_hash() only uses the supplied alg parameter from the claim, not self.alg:

c2pa-rs/sdk/src/assertions/data_hash.rs

Line 222 in d7868aa

let curr_alg = alg.unwrap_or("sha256");

Notably, verify_stream_hash() seems to do it correctly:

c2pa-rs/sdk/src/assertions/data_hash.rs

Lines 239 to 245 in d7868aa

	let curr_alg = match &self.alg {
	Some(a) => a.clone(),
	None => match alg {
	Some(a) => a.to_owned(),
	None => "sha256".to_string(),
	},
	};

[mauricefisher64]

Thanks, I will take a look.