RAMPART-44 / RAMPART-252: add a dedicated algorithm-downgrade test
Follow-up to the Gemini review: add a focused, deterministic test for the new
inbound algorithm-suite enforcement, rather than relying only on the incidental
coverage from RampartTest case 34.
PolicyAssertionsTest.testAlgorithmSuiteDowngradeRejected builds a signed request
with a Basic128 (SHA-1) policy, then validates it as the server against a
Basic128Sha256 (SHA-256) policy and asserts the message is rejected - a peer must
not be able to downgrade the digest algorithm below what the policy requires.
Confirmed the test guards the fix: with applyAlgorithmSuite disabled the SHA-1
signature verifies and the message is accepted, failing the test. Adds the
rampart-asymm-binding-1-sha256.xml policy (a Basic128Sha256 copy of
rampart-asymm-binding-1.xml). Verified with a full clean -Papache-release verify
across all modules including the nine policy samples on JDK 25.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2 files changed
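The check the commit describes, reduced to its essence as an added illustration (this is not Rampart code and uses no Rampart API): a verifier must compare the digest algorithm the peer actually used against the algorithm suite the server's policy requires before it accepts a signature, otherwise a message signed under the weaker Basic128 (SHA-1) suite is accepted by a Basic128Sha256 (SHA-256) endpoint as long as the signature itself verifies. The suite-to-digest table, the shared key and the message format are constructed for the example; the `apply_algorithm_suite` switch mirrors the "fix disabled" condition under which the downgrade test is expected to fail.

```python
"""Model of inbound algorithm-suite enforcement (illustrative, not Rampart code)."""
import hashlib
import hmac

# Constructed table: algorithm suite name -> digest that suite requires.
# The two suites named in the commit message map to SHA-1 and SHA-256.
SUITE_DIGEST = {
    "Basic128": "sha1",
    "Basic128Sha256": "sha256",
}

KEY = b"constructed-shared-key"  # constructed sample key shared by both sides


def sign(body: bytes, suite: str) -> dict:
    """Client side: sign the body under `suite`; the digest used is carried in the header."""
    digest = SUITE_DIGEST[suite]
    mac = hmac.new(KEY, body, getattr(hashlib, digest)).hexdigest()
    return {"body": body, "digest": digest, "mac": mac}


def verify(msg: dict, server_suite: str, apply_algorithm_suite: bool = True) -> tuple[bool, str]:
    """Server side: enforce the policy's algorithm suite, then verify the signature.

    Returns (accepted, reason). With apply_algorithm_suite=True a message whose
    digest does not match the policy is rejected before any signature check, so a
    peer cannot downgrade the digest by simply choosing a weaker suite.
    """
    required = SUITE_DIGEST[server_suite]
    if apply_algorithm_suite and msg["digest"] != required:
        return False, f"digest {msg['digest']} does not satisfy {server_suite} (requires {required})"
    # Recompute the MAC with whatever digest the message declares.
    expected = hmac.new(KEY, msg["body"], getattr(hashlib, msg["digest"])).hexdigest()
    if not hmac.compare_digest(expected, msg["mac"]):
        return False, "signature verification failed"
    return True, "accepted"


def downgrade_test(apply_algorithm_suite: bool = True) -> bool:
    """Analogue of testAlgorithmSuiteDowngradeRejected: a Basic128-signed request
    validated against a Basic128Sha256 policy must be rejected."""
    request = sign(b"<soap:Envelope>constructed body</soap:Envelope>", "Basic128")
    accepted, _reason = verify(request, "Basic128Sha256", apply_algorithm_suite)
    return not accepted  # True means the test passes (downgrade was rejected)


if __name__ == "__main__":
    print("enforcement on :", "PASS" if downgrade_test(True) else "FAIL")
    print("enforcement off:", "PASS" if downgrade_test(False) else "FAIL")
```

Running the block prints PASS with enforcement on and FAIL with it off: the SHA-1 signature is cryptographically valid, so only the explicit suite comparison stands between the endpoint and the downgrade, which is exactly why a test that exercises that branch in isolation is worth more than incidental coverage.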