Add checksums to releases

[Jake-Shadle]

Currently, there are no checksums associated with a platform's release tarball so that installers can validate them, eg. scoop.

Usually, this is done with something like ${project}_${version}_checksums.txt, but this might be annoying for sccache because it isn't cross-compiled, so maybe just doing a simple ${tarball_name}.sha/256 would allow easy validation without complicating the release process too much.

https://github.com/gohugoio/hugo/releases is a good example.

[luser]

This should be straightforward enough to do. The Linux/Mac releases get built on Travis and packaged in the before_deploy step:

sccache/.travis.yml

Lines 43 to 48 in 05bd9c7

	before_deploy:
	- name="sccache-$TRAVIS_TAG-$TARGET"
	- mkdir $name
	- cp target/$TARGET/release/sccache $name/
	- cp README.md LICENSE $name/
	- tar czvf $name.tar.gz $name

Any additional files uploaded probably need to be mentioned in the deploy.file key:

sccache/.travis.yml

Line 54 in 05bd9c7

file: sccache-$TRAVIS_TAG-$TARGET.tar.gz

The Windows release gets built on AppVeyor and packaged in the before_deploy step there:

sccache/appveyor.yml

Lines 55 to 64 in 05bd9c7

	before_deploy:
	- ps: |
	$NAME = "sccache-${env:APPVEYOR_REPO_TAG_NAME}-${env:TARGET}"
	New-Item -Path $NAME -ItemType directory
	Copy-Item target/release/sccache.exe "${NAME}/"
	Copy-Item LICENSE "${NAME}/"
	Copy-Item README.md "${NAME}/"
	7z a -ttar "${NAME}.tar" "${NAME}"
	7z a "${NAME}.tar.gz" "${NAME}.tar"
	Push-AppveyorArtifact "${NAME}.tar.gz"

There's similarly a deploy.artifact key that likely needs updated:

sccache/appveyor.yml

Line 67 in 05bd9c7

artifact: /.*\.tar.gz/