As mentioned in the question, I submitted a bug to docker about this, and the docker team got on it quite quickly. Unfortunately, the outcome is that it's not actually a bug in docker, rather the docs were wrong about what algorithms are supported. Only sha256 is supported, the reason was explained in this older comment.
The gist being that the checksum option doesn't just run a full checksum on the downloaded artefact, it's integrated with docker's own layer hashing system, which (I assume) only uses sha256.
A change to the docs has been submitted already (though as of this writing it's not live)
I'm probably massively oversimplifying or misrepresenting some details here, but that's a Good Enoughâ„¢ explanation for me. If you need to know more than a very surface answer to the question "why can't I use other checksum algorithms in ADD in a Dockerfile", please don't rely on this answer and look into it more deeply.
If you need to perform a checksum on a build artifact with a different algorithm than sha256, you can't do it with ADD --checksum. To do that, see @DazWilkin's answer