Right now update.sh does the following check:

```bash
[[ ! ${SHA256} =~ ^[a-z0-9]+$ ]] && printf "got junk instead of sha256\n" && exit 1
```

which obviously has a flaw (see #2 (comment)).
D.o.D: there is some sort of verification of the checksum, preferably done through some sort of API call to the git hosting provider (or some alternative approach is done, like #4 for GitHub).
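
The pattern quoted above accepts any non-empty run of lowercase letters and digits, of any length, and never looks at the downloaded file. The following is an added example, not code from update.sh or from this issue: it checks that the expected value is exactly 64 lowercase hex characters and then compares it with the digest computed from the file. The function names are hypothetical, and the expected digest is assumed to come from a source trusted independently of the download.

```bash
#!/bin/sh
# Added example; is_sha256_hex, file_sha256 and verify_download are
# hypothetical names, not functions that exist in update.sh.

# Succeeds only if $1 is exactly 64 lowercase hexadecimal characters.
is_sha256_hex() {
    [ "${#1}" -eq 64 ] || return 1
    case "$1" in
        *[!0123456789abcdef]*) return 1 ;;
    esac
    return 0
}

# Prints the SHA-256 digest of file $1, using whichever tool is installed.
# Reading from stdin keeps the file name out of the tool's output.
file_sha256() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum < "$1" | cut -d' ' -f1
    elif command -v shasum >/dev/null 2>&1; then
        shasum -a 256 < "$1" | cut -d' ' -f1
    else
        return 127
    fi
}

# verify_download FILE EXPECTED_SHA256
# Returns 0 on match, 1 if EXPECTED_SHA256 is malformed,
# 2 on digest mismatch, 3 if the file cannot be read or hashed.
verify_download() {
    file=$1
    expected=$2
    is_sha256_hex "$expected" || return 1
    [ -r "$file" ] || return 3
    actual=$(file_sha256 "$file") || return 3
    # Guards against an empty or garbled result from a failed hash tool.
    is_sha256_hex "$actual" || return 3
    [ "$actual" = "$expected" ] || return 2
    return 0
}
```

The distinct return codes let the caller tell a malformed checksum (1) from a file that does not match it (2).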