Discover and support checksum files alongside the main package

[passcod]

Something a number of packages do is have a .sha256 (and/or others) alongside the file in the releases:

https://github.com/mozilla/sccache/releases/download/v0.3.0/sccache-dist-v0.3.0-x86_64-unknown-linux-musl.tar.gz
https://github.com/mozilla/sccache/releases/download/v0.3.0/sccache-dist-v0.3.0-x86_64-unknown-linux-musl.tar.gz.sha256

https://github.com/orhun/git-cliff/releases/download/v0.9.2/git-cliff-0.9.2-x86_64-apple-darwin.tar.gz
https://github.com/orhun/git-cliff/releases/download/v0.9.2/git-cliff-0.9.2-x86_64-apple-darwin.tar.gz.sha512

Once we have checksum-checking support, we should auto-discover those for common hash algorithms (sha256, sha512, b2, b3).

[passcod]

Also the format of these is a text file containing either:

• the hash in hex and nothing else
• the hash and filename, in shaNsum CLI tool format

[NobodyXu]

Also the format of these is a text file containing the hash in hex and nothing else.

git-cliff also contains the filename of the archive, which I think is generated by sha512 command.
We can simply trim that though.