argoproj-labs/argocd-extensions

Check downloaded resources integrity

alexec opened this issue · 0 comments

When you pull a resource down, you should check the resource's hash against a known good value, in case the third party is compromised and an attacker replaces the resource (JavaScript) with something bad.

Basically this:

https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity

<script src="https://example.com/example-framework.js"
        integrity="sha384-oqVuAfXRKap7fdgcCY5uykM6+R9GqQ8K/uxy9rx7HNQlGYl1kPzQho1wx4JwY8wC"
        crossorigin="anonymous"></script>

Could be done like this:

apiVersion: argoproj.io/v1alpha1
kind: ArgoCDExtension
metadata:
  name: hello-world
  finalizers:
    - extensions-finalizer.argocd.argoproj.io
spec:
  sources:
    - git:
        url: https://github.com/argoproj-labs/argocd-example-extension.git
    - web:
        url: https://github.com/argoproj-labs/argocd-example-extension/releases/download/v0.1.0/extension.tar
        integrity: sha384-oqVuAfXRKap7fdgcCY5uykM6+R9GqQ8K/uxy9rx7HNQlGYl1kPzQho1wx4JwY8wC
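How the proposed `integrity` field could be enforced when the `web` source is downloaded, as an added Go example (not code from argocd-extensions): it parses the SRI-style `<alg>-<base64>` value, refuses algorithms SRI does not permit, and compares the digest of the fetched bytes in constant time. `SampleTarball`, `IntegrityFor` and `VerifyIntegrity` are names assumed here, and `SampleTarball` is constructed stand-in data, not a real release artifact.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"crypto/sha512"
	"encoding/base64"
	"fmt"
	"hash"
	"strings"
)

// Only the algorithms SRI permits; md5, sha1 or a mistyped token is refused.
var integrityHashes = map[string]func() hash.Hash{
	"sha256": sha256.New, "sha384": sha512.New384, "sha512": sha512.New,
}

var SampleTarball = []byte("constructed sample extension.tar bytes") // constructed stand-in for a download

func digestOf(alg string, body []byte) []byte {
	h := integrityHashes[alg]() // caller has already validated alg
	h.Write(body)
	return h.Sum(nil)
}

// IntegrityFor produces the "<alg>-<base64>" value a maintainer would publish.
func IntegrityFor(alg string, body []byte) string {
	return alg + "-" + base64.StdEncoding.EncodeToString(digestOf(alg, body))
}

// VerifyIntegrity checks downloaded bytes against the pinned value; a non-nil error means do not install.
func VerifyIntegrity(body []byte, integrity string) error {
	parts := strings.SplitN(integrity, "-", 2)
	if len(parts) != 2 {
		return fmt.Errorf("integrity %q: expected <alg>-<base64>", integrity)
	}
	alg := strings.ToLower(parts[0])
	if _, ok := integrityHashes[alg]; !ok {
		return fmt.Errorf("integrity %q: unsupported algorithm %q", integrity, alg)
	}
	want, err := base64.StdEncoding.DecodeString(parts[1])
	if err != nil {
		return fmt.Errorf("integrity %q: bad base64 digest: %w", integrity, err)
	}
	// Constant-time compare; also fails if the decoded digest has the wrong length.
	if !hmac.Equal(digestOf(alg, body), want) {
		return fmt.Errorf("integrity check failed: %s digest of download does not match pinned value", alg)
	}
	return nil
}
```

A controller would call `VerifyIntegrity` on the fetched tarball before unpacking it, and treat any error as a reason to refuse the extension.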