fix: sha256sum --ignore-missing silently passes when no entry matches binary name #46

@jamesadevine

Description

sha256sum -c checksums.txt --ignore-missing exits 0 if all listed files happen to be missing (the --ignore-missing flag suppresses "no such file" errors entirely). If checksums.txt contains no entry matching the downloaded binary name, verification silently passes — meaning a corrupted or swapped binary could slip through.

Suggested fix: After the sha256sum call, add an explicit check that the expected binary was actually verified. Options:

  1. Add --strict flag (if supported by the target sha256sum version)
  2. Post-check that the binary filename appears in the checksums output:
     ```bash
     sha256sum -c checksums.txt --ignore-missing 2>&1 | grep -q "ado-aw-linux-x64"
     ```
  3. Use a targeted checksum line instead of the full checksums.txt:
     ```bash
     grep "ado-aw-linux-x64" checksums.txt | sha256sum -c -
     ```

This applies to all download steps in both templates/base.yml and templates/1es-base.yml (ado-aw compiler downloads and AWF firewall downloads).

From PR #43 review feedback.
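A fail-closed version of suggestion 3, as an added example for this issue (it is not code from the issue author or from the templates the issue names). It takes the file and checksum names from the issue; the helper names `verify_checksum`, `naive_check` and `run_scenario`, the scenario modes and the file contents are assumptions constructed for the demo. The function selects only the checksum line whose filename field is exactly the expected binary, feeds just that line to `sha256sum -c`, and fails if no such line exists or the digest does not match:

```sh
#!/bin/sh
# Added example, not code from this issue or from templates/base.yml /
# templates/1es-base.yml. File and checksum names come from the issue; the
# function names, scenario modes and file contents are constructed for this demo.

# verify_checksum NAME SUMS
# Succeeds only if SUMS has an entry whose filename field is exactly NAME
# ("<hex>  NAME" text form or "<hex> *NAME" binary form) and the file NAME in the
# current directory matches that digest. Any other outcome is a failure.
verify_checksum() {
  name="$1"
  sums="$2"
  # Exact field comparison rather than a substring grep, so an entry for
  # "ado-aw-linux-x64-musl" or "old/ado-aw-linux-x64" cannot satisfy a request
  # for "ado-aw-linux-x64". In awk, concatenation binds tighter than ==, so the
  # second test compares $2 against "*" followed by the name.
  line=$(awk -v n="$name" '$2 == n || $2 == "*" n { print }' "$sums")
  if [ -z "$line" ]; then
    echo "verify_checksum: no entry for '$name' in $sums" >&2
    return 1
  fi
  # Feed only that line to sha256sum: nothing else in the input could be
  # "verified" in place of the file we care about. Rely on sha256sum's own exit
  # status, not on grepping its output.
  if ! printf '%s\n' "$line" | sha256sum -c - >/dev/null; then
    echo "verify_checksum: '$name' does not match its entry in $sums" >&2
    return 1
  fi
  return 0
}

# naive_check NAME SUMS
# The invocation the issue describes, kept for comparison. Its exit status reports
# whether the listed files it happened to find matched; it says nothing about NAME.
naive_check() {
  sha256sum -c "$2" --ignore-missing
}

# run_scenario MODE [CHECKER]
# Builds a throwaway directory holding a constructed "binary" plus a checksums.txt,
# then runs CHECKER (default verify_checksum) against ado-aw-linux-x64 inside it.
#   ok             checksums.txt lists the binary and it matches
#   missing_entry  checksums.txt lists only another artifact that is also present
#   corrupted      checksums.txt lists the binary, but the binary was altered
run_scenario() {
  mode="$1"
  checker="${2:-verify_checksum}"
  tmp=$(mktemp -d) || return 2
  printf 'constructed stand-in for the ado-aw-linux-x64 binary\n' > "$tmp/ado-aw-linux-x64"
  printf 'constructed stand-in for another release artifact\n' > "$tmp/ado-aw-other"
  case "$mode" in
    ok)            (cd "$tmp" && sha256sum ado-aw-linux-x64 > checksums.txt) ;;
    missing_entry) (cd "$tmp" && sha256sum ado-aw-other > checksums.txt) ;;
    corrupted)     (cd "$tmp" && sha256sum ado-aw-linux-x64 > checksums.txt \
                      && printf 'tampered\n' >> ado-aw-linux-x64) ;;
    *) rm -rf "$tmp"; echo "run_scenario: unknown mode '$mode'" >&2; return 2 ;;
  esac
  (cd "$tmp" && "$checker" ado-aw-linux-x64 checksums.txt)
  rc=$?
  rm -rf "$tmp"
  return "$rc"
}

# Stand-alone run: the hardened check passes only in the "ok" scenario.
for m in ok missing_entry corrupted; do
  if run_scenario "$m"; then echo "$m: accepted"; else echo "$m: rejected"; fi
done
```

Running `run_scenario missing_entry naive_check` shows the contrast: with GNU coreutils the only listed file (ado-aw-other) is present and matches, so the `--ignore-missing` run prints `ado-aw-other: OK` and exits 0 even though ado-aw-linux-x64 was never hashed. The hardened function checks sha256sum's own exit status rather than grepping its output for the filename, because the name also appears on a `...: FAILED` line and a pipe into grep would discard sha256sum's status anyway; and it matches the filename field exactly rather than as a substring, so a similarly named entry cannot stand in for the expected one.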
