Add workflow to publish SHA256 checksums for release assets

[Ashutosh0x]

Summary

Adds a GitHub Actions workflow (
elease_checksums.yaml) that automatically computes and uploads a checksums.txt file containing SHA256 hashes for all release artifacts.

Fixes #16165

What it does

When a release is published, this workflow:

1. Downloads all release assets
2. Computes SHA256 checksums using sha256sum
3. Uploads a checksums.txt file as a new release asset

Users can then verify downloaded artifacts:
sha256sum --check checksums.txt

Design decisions

• checksums.txt format: Matches the approach used by yamlfmt, as suggested in the original issue
• sha256sum output: Standard format, directly usable with sha256sum --check
• Sorted output: Ensures reproducibility across runs
• workflow_dispatch: Allows maintainers to back-fill checksums for existing releases
• --clobber on upload: Safe to re-run without errors
• Minimal scope: Single file, no changes to existing workflows

Impact

• ~6,400 repos using arduino/setup-protoc currently download protoc binaries without any integrity verification
• Thousands of shell scripts fetch releases via curl/wget with no way to verify checksums
• This gives all users a standard way to verify artifact integrity

cc @alexeagle @mkruskal-google