bazel_source: Allow downloading sources with no sha256
Apparently bazel allows sources to not specify a sha256. As a result, if we just skip sources without a sha we get builds with missing dependencies, and then everything falls over. Because not checking the sha of the source is... not great, I've made it a configurable warning when this happens, that is if there is a source missing a sha256, the fetch will fail if you wish.
Part of #20
Edited by Tom Coldrick