Usage of X-SHA-256 and other cleanups in BUD-11

[pippellia-btc]

Hey @hzrd149, I found several issues in the current BUD-11, so instead of pointing them out I fixed them in a PR to the branch.

Readable version

TLDR;

1. BUD-11 had a section "Endpoint-specific requirements" which didn't match the requirements in the specific BUDs. So I've unified all logic in the BUD-11, and other buds just link to it, which IMO makes implementations easier to make.

2. Previously, the "x" tag of an auth token of an /upload needed to match the request sha256. This is problematic because servers need to A) buffer the blob and B) compute the hash just to validate auth.
   We thought of using the Content-Digest header for this, however, that header has a specified encoding, which allows different hash functions. This freedom doesn't exists in blossom, so I preferred to use another header, which is X-SHA-256, already used in the HEAD /upload and HEAD /media.

I fixed also several typos, clarified few concepts, defined the encoding of X-SHA-256.
I've kept the requirement of the "x" tag for most endpoints, with the exception of GET /sha and HEAD /sha (even though I disagree and I would make it optional everywhere).

Take your time and let me know what you think.