Validate checksums of downloaded files

[splatteredbits]

trafficstars

It's important for secure tool supply chain management that all packages that get downloaded from the internet get validated to be the same bits as officially published. Please add validating sha256 checksum of any downloaded binaries to ensure the bits downloaded are official and haven't been tampered with.