Add SHA-256 integrity verification for downloaded bundles

## Summary

Verify bundle content hashes after download to ensure integrity and prevent tampering.

## Motivation

Users need confidence that downloaded bundle content matches the intended source. Without verification, there's no protection against:
- Man-in-the-middle attacks during download
- Corrupted downloads
- Tampered releases

## Proposed Solution

1. Add hash field to bundle manifest:
   ```json
   {
     "files": {
       "presets/full.json": "sha256:abc123..."
     }
   }
   ```

2. After downloading a bundle, compute SHA-256 of each file and verify against manifest

3. Fail with clear error if hash mismatch detected

## Acceptance Criteria

- [ ] Bundle manifest supports hash entries
- [ ] Downloaded content is verified against hashes
- [ ] Clear error message on hash mismatch
- [ ] Graceful degradation if no hashes present (for backwards compatibility)

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Add SHA-256 integrity verification for downloaded bundles #160

Summary

Motivation

Proposed Solution

Acceptance Criteria

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Add SHA-256 integrity verification for downloaded bundles #160

Description

Summary

Motivation

Proposed Solution

Acceptance Criteria

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions