Verify git-lfs checksum
What does this MR do?
Adds git-lfs tarball verification when building helper image
Why was this MR needed?
It happened before where release tarballs were replaced by malicious users without authors knowing it. All downloads which didn't verify checksums would then pull in tampered binaries which is less than desirable. Gitlab runner helpers are images run companies and individuals in their private networks, GitLab being trusted vendor shouldn't distribute unverified binaries.
Does this MR meet the acceptance criteria?
- Documentation created/updated
- Added for this feature/bug
- All builds are passing
Branch has no merge conflicts with
master(if you do - rebase it please)