Provide checksums of or sign releases

[RemcodM]

Is your feature request related to a problem? Please describe. For more automation in our workflow of updating our infrastructure with the newest Buildkite Agents, we would like to automatically check the integrity of the downloaded artifacts.

Describe the solution you'd like It seems that in the past, it might have been possible to get sha256 sums via #500, however, this does not seem to be possible anymore (or is it?). Something like providing checksums would already be sufficient, even nicer would it be if the builds could be signed, for example using PGP.

Describe alternatives you've considered At this point, we calculate the checksums ourselves to ensure that the artifacts doesn't change from build to build, but that is a lot of manual work that is almost impossible to automate correctly. Provided checksums also give more confidence that the artifact was uploaded correctly from your side.

Additional context