sq verify should support checksum files
It's not uncommon for software to not be signed directly, but indirectly via a checksum file. Fedora does this. When downloading an image, the verify instructions (click on a verify button) say:
1. Download the checksum file into the same directory as the image you downloaded.
2. Import Fedora's GPG key(s)

       curl -O https://fedoraproject.org/fedora.gpg

   - You can verify the details of the GPG key(s) here.
3. Verify the checksum file is valid

       gpgv --keyring ./fedora.gpg Fedora-Workstation-39-1.5-x86_64-CHECKSUM

4. Verify the checksum matches

       sha256sum -c Fedora-Workstation-39-1.5-x86_64-CHECKSUM

It would be great if sq verify could directly work with these files so that the user only has to use a single command to verify the iso and not two. That is, it should be possible to combine steps 3 and 4. Ideally, we could even include step 1, if we are willing to have sq verify download the file.
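
The two verification steps from the instructions above as one shell function, as an added example (not part of sq or of Fedora's instructions): it checks the image against the text that gpgv verified rather than against the raw checksum file. It assumes GnuPG's gpgv and coreutils' sha256sum; the function name `verify_image` and the `GPGV` override variable are hypothetical.

```shell
#!/bin/sh
# Added example: "verify the checksum file is valid" and "verify the checksum
# matches" in one call. verify_image and the GPGV override are hypothetical.

# verify_image KEYRING CHECKSUM_FILE
# Run from the directory that holds the downloaded image.
verify_image() {
    keyring=$1
    checksum_file=$2
    gpgv_cmd=${GPGV:-gpgv}      # overridable so the function can be tested

    # Fresh private directory, so the output path does not exist yet.
    tmpdir=$(mktemp -d) || return 2
    signed=$tmpdir/signed-checksums

    # gpgv --output writes the text covered by the signature. Checking hashes
    # from this output, not from the raw file, means lines placed outside the
    # signed region are never consulted.
    if ! "$gpgv_cmd" --keyring "$keyring" --output "$signed" "$checksum_file"; then
        echo "signature verification failed: $checksum_file" >&2
        rm -rf "$tmpdir"
        return 1
    fi

    # Same check as the manual step, but over the verified text only.
    status=0
    sha256sum -c "$signed" || status=$?
    rm -rf "$tmpdir"
    return "$status"
}
```

Example call: `verify_image ./fedora.gpg Fedora-Workstation-39-1.5-x86_64-CHECKSUM`.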