check downloaded files known-good crypto checksum
(This is about Makefile.linux and Makefile.osx in https://svn.torproject.org/svn/torbrowser/trunk)
The packages currently downloaded in the fetch-source target are not verified against known-good checksums. Add this functionality so that we don't embarrass ourselves if someone tries to pass off a corrupt file.
Ideally this would be generalized across the Makefiles, like in a common.mk/.sh shared by both.