Check Omaha sha1 hash if available and Verify checksum after download, with retry

[pothos]

• Check Omaha sha1 hash if available
  Old Nebraska servers were missing the newly introduced sha256 attribute and might only serve paylads with the regular sha1 attribute set. The generic payload is also just using the regular sha1 attribute because at that time a different extension was used which holds the sha256 checksum for the generic payload.
  Support the regular Omaha sha1 hash for use with old Nebraska servers. This makes it also easy to test with the generic payload.

• Verify checksum after download, with retry

  The self.verify_checksum(...) call's return value wasn't checked in the
  package download call. Even if we do it there we should rather move it
  into the retry loop and make it explicit whether we expect certain
  checksums or not.
  Check the checksum after the download, and also retry when it
  mismatches.

How to use

Fixes #31

I think this is the last piece to start using it in Flatcar.

Testing done

RUST_LOG=debug target/release/download_sysext -p ~/kinvolk/scripts/sdk_container/src/third_party/coreos-overlay/coreos-base/coreos-au-key/files/official-v2.pub.pem -m oem-azure.gz -o /var/tmp/outdir/ -u https://update.release.flatcar-linux.net/amd64-usr/3815.0.0/oem-azure.gz -v
RUST_LOG=debug target/release/download_sysext -p ~/kinvolk/scripts/sdk_container/src/third_party/coreos-overlay/coreos-base/coreos-au-key/files/official-v2.pub.pem -m oem-azure.gz -o /var/tmp/outdir/ -i /var/tmp/beta-response -v
RUST_LOG=debug target/release/download_sysext -p ~/kinvolk/scripts/sdk_container/src/third_party/coreos-overlay/coreos-base/coreos-au-key/files/official-v2.pub.pem -m flatcar_production_update.gz -o /var/tmp/outdir/ -i /var/tmp/beta-response -v

[dongsupark]

Looks good in general.

[pothos]

I've fixed all warnings and added running clippy in the CI, otherwise it's too easy to forget.