Reintroduce the online check of sources and their checksum

[scarabeusiv]

This needs bit more work than expected.

We need to update pkg.py to give away RPMTAGS_FILEMD5S and use properly RPMTAG_FILEDIGESTS which also contains info about the algorithm used to deliver the data.

Then in spec_check we need to download the file to TMPDIR (you can ask the content- metadata info for the details but quite few webs so far report only md5) and run the requested checksum on it (in a chunks to not eat up 1gb memory on ie chromium) and compare with the RPM stored information.

def digest(filename):
    file_hash = sha256()

    with open(filename, 'rb') as stream:
        while True:
            chunk = stream.read(file_hash.block_size)
            if not chunk:
                break
            file_hash.update(chunk)

    return file_hash.hexdigest()

[scarabeusiv]

@Conan-Kudo ^ The proper handling as above will need to wait for the pkg.py rewrite. Would you be against acking the pr #246 for now and doing this after we are done with the pkg.py? I would like to not rebase the pr all the time and we will not release until the milestone bugs are fixed so it should have no impact on the end users.

[Conan-Kudo]

@scarabeusiv As long as it's coming back, I'm happy to merge dropping the existing checks.