Moved the RSA signing throw into the signing function

[bluebaroncanada]

Throwing should be inside this private function for proper separation of concerns.

hash_hmac returns false when the algorithm does not exist, but it is not checked. Added checking and a test. They recently did remove non-cryptographic algorithms, so it might be a good idea to check.

The hash_algos function isn't sufficient, though. Working on a patch for php_src.