Fail explicitly on hash mismatch at build-time

Before, build would fail due to absence of wheels in the /var/securedrop/wheelhouse, at a later step.

install_files/ansible-base/roles/build-securedrop-app-code-deb-pkg/tasks/build_securedrop_app_code_deb.yml

@@ -24,8 +24,13 @@
       --requirement {{ securedrop_pip_requirements }} \
       --wheel-dir {{ securedrop_wheelhouse }} 2>&1 | tee /tmp/w.out
       ! grep -i --quiet 'Failed to build' /tmp/w.out
+  register: wheel_build_output
   tags: pip
 
+- name: Ensure source hash sums matched at wheel build-time
+  fail: msg="Source hash sum mismatch, build cannot continue."
+  failed_when: "'THESE PACKAGES DO NOT MATCH THE HASHES' in wheel_build_output.stdout"
+
 # Here we need to regenerate a new securedrop-app-code-requirements.txt file
 # *without* hashes to bundle in the .deb package, for reasons that follow:
 # If requirements hashes are in the requirments file, pip will automatically