Fix: scheduler,controller: consistently calculate and record secure digest based on all parameters only except private ones

This reverts the behavior introduced by 6830621.

A secure digest is used for checking whether it's under the situation,
where among *all* the parameters, only any private ones have changed.
Only if so, crm_simulate should ignore the changes.

For that purpose, a secure digest is supposed to be calculated based on
*all* the parameters only except the private ones.

Previously controller calculated secure digest only based on the
parameters shown in meta-data. So the scheduler side had to filter out
CRM_meta_timeout and pcmk_stonith_* parameters, but still couldn't
ensure the consistency anyway since it doesn't know about meta-data.

CRM_FEATURE_SET is bumped to 3.16.0 for handling mixed-version cluster.