getFileHash's catch on hash.calculateFileHash mapped every possible
error - including OutOfMemory and PermissionDenied - to a generic
SignError.FileSystem, discarding the specific error calculateFileHash
had already computed. This backs defaultSigner (used when signing repo
databases), and repository.zig/repo_history.zig have explicit
PermissionDenied/OutOfMemory handling for this exact call that could
never actually trigger because the specific error never survived
getFileHash.
calculateFileHash's HashError (OutOfMemory/FileSystem/PermissionDenied/
InvalidInput) is fully contained within SignError, so the fix is to
just propagate the error directly instead of remapping it - the
AccessDenied/EndOfStream/Unexpected branches being collapsed over were
already dead code, since HashError can never produce them.