Re-verify artifact hashes when reading from caches / sending over the network

[iliana]

By the point the artifacts end up in these places, we've verified that they were not tampered with. But adding more checksum verification to what will be an already-slow process doesn't hurt and can help us prevent writing bad data to devices in case of bit flips.

• Nexus should re-verify artifact hashes when reading from its cache.
• Nexus should tell Sled Agent the sha256 checksum of an artifact when it tells it to download and apply it, and Sled Agent should verify that on download.

(From #717)

[iliana]

This issue was opened against the old repo upload endpoint, but its concern has been resolved; Sled Agent verifies artifacts before writing them to its artifact store. The presumption is that the artifacts do not need to be re-verified on read.