Detect updated files online via sha256

When a rootfs build uses packages that are provided online socks tries to use the "Last-Modified" field to detect if the file has been updated. In cases where this is not possible, it should be good to check if there is a respective sha256 checksum file online. If it is available, it can be used to check if the file has been updated. 