Add support for contents checksums. This is meant to be used for tarballs
like the ones coming from https://*.googlesource.com/ which on every download
change their outer checksum due to being packaged with different date/time
stamps or similar.
If such a distfile still contains the same files as the author of a template
found, then the checksum of its contents can be specified by prepending a
commercial at (@) to the corresponding checksum="..." line.
Depending on the format of the distfile its entire contents will then be
piped into sha256sum and the resulting digest is verified against what
follows after the @.
c1fd6c389e