RFC: Support the retrieval of the sha256sums in bs_srcserver getfilelist

[marcus-h]

    This way it is possible to implement "osc copypac --to-apiurl <foo> ..."
    in a more "secure" way without any additional overhead (that is,
    without the need to download all source files and manual digest
    computation). osc's current implementation is somewhat "insecure"
    because it solely relies on md5.

This is just an idea... feel free to reject:)