Windows signtool integration timeserver usage needs way to specify timestamp digest algorithm

When signing component for windows distribution, the use of a timestamp server is required during signing. Unfortunately the sign tool uses SHA1 as the default but SHA256 is recommended and required for App Store distribution.

This requires the parameter "/td sha256" AFTER the parameter /tr that specifies the time stamp server url on the command line.

When adding 

`codesign.codesignFlags: [ "/td", "SHA256" ]`

with 

`codesign.signingTimestamp: "<url>"`

it won't work as qbs inserts the flags first.

The workaround is to not use "signingTimestamp" but specify both using the flags parameters, but this is error prone and inconvenient.

A timestampAlgorithm parameter to (with default sha256) speficy the TS digest algorithm explicitly would solve this problem, otherwise the signingTimestamp parameter is quite useless when the app is to be distributed over the App Store.