
Lock the digests by adding sha256 values for installed packages.

Open nmahendru opened this issue 2 years ago • 0 comments

Populate sha256 instead of sha256sums (https://github.com/cashapp/hermit/pull/299) for the installed packages in an activated hermit environment. This is an alternative approach and might look a little better on the manifest file as it keeps the shasum in the version block. It also makes it really hard as a variety of constructions of the manifest file need to be handled where the versions can be at any level.

This version actually covers: 1. Version blocks with platform. 2. Version blocks without platform dependent packages like gradle.

This still needs implementation for:

  1. cases marked in TODO like: https://github.com/cashapp/hermit-packages/blob/31f421d7396046f5fd296daa9239ecd1e2ba1d4b/openjdk.hcl#L33-L40
  2. Channels
  3. autoversion with platform dependent packages.

Usage:

  1. Clean the cache using: hermit clean -c -p
  2. Generate manifest files using: hermit manifest lock-digests
  3. Look for manifest files in bin/lockDigests for the installed packages.

Note: Working on this has made me believe that there are countless permutations that can occur and we will need to take a decision to support probably the version + explicit platform definitions. A discussion might help clean this out.

nmahendru, Aug 11 '22 01:08