Security -- add hash validation for llama.cpp binaries?

[HanClinto]

Currently we're checking in llama.cpp binaries directly into source control. We keep a version tag to indicate which version of llama.cpp we're copy-pasting in here, but that's a layer of trust.

Feels like a good level of cross-checking might be to validate the md5 or other hash sums with the official llama.cpp release binary checksums, to give another layer of verification that a rogue binary didn't actually get slipped into the mix.

We could even make part of the build process to be to take the version code from our version.txt and download / inflate the zip as part of the script.

Could possibly be a feature that would go hand-in-hand with #28 as well.

[mdstaff]

@HanClinto I've been experimenting with new versions of Llama.cpp and am currently downloading the binaries from the Llama-dot-cpp repo using the gh cli tool. I think it would add a bit more security to do some checksum comparisons. I'm also starting to notice the fast pace of Llama.cpp creates a kind of whack-a-mole for this project. I can't tell if this project has a build process yet or if the "Releases" are essentially tagged commits in main. I'm curious to hear from the core team on this as well.