Use bundler 2.6 checksums verification more widely

With https://bundler.io/blog/2024/12/19/bundler-v2-6.html, it's now as simple as using Bundler 2.6, and following the instructions in the the linked blogpost.

Why? Having checksums in the lockfile means that any client can verify that the gem being installed at least has the same checksum. And was not hijacked in any way.

---

Action items

• For gems/, update to Bundler 2.6, and run --add-checksums, and --normalize-platforms
• For vendor/gems/, update to Bundler 2.6, and run --add-checksums, and --normalize-platforms