warrensbox/terraform-switcher

Verify Downloads Checksum & Signature

Closed this issue · 0 comments

Due to the increasing frequency of supply chain attacks, it would be nice if tfswitch verified the checksums and GPG signatures of Terraform when it downloads it for the first time, as described here:
https://www.hashicorp.com/security#template-page-security:~:text=Release%20Archive%20Checksum%20Verification

Here's some example Bash code that may provide a useful starting point for doing the equivalent in Go:
https://gist.github.com/markmsmith/cda59d5f24a812bea66fb3dbd7612397
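
A sketch of the checksum half of this request in Go, added here as an illustration; it is not part of the issue, the linked gist, or tfswitch's code. It assumes the `SHA256SUMS` file uses the usual `<hex digest>  <filename>` line format and has already been authenticated against its detached signature (that step needs an OpenPGP library and is not shown); `VerifyArchive`, the error names and the sample data are hypothetical.

```go
package main

import (
	"bufio"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
	"io"
	"strings"
)

// Hypothetical error values so callers can tell tampering from a bad filename.
var (
	ErrMismatch  = errors.New("checksum mismatch")
	ErrNotListed = errors.New("archive not listed in checksum file")
)

// VerifyArchive streams archive through SHA-256 and compares the result with
// the digest listed for name in sums. It fails closed if name is not listed.
func VerifyArchive(archive, sums io.Reader, name string) error {
	h := sha256.New()
	if _, err := io.Copy(h, archive); err != nil {
		return err
	}
	got := hex.EncodeToString(h.Sum(nil))
	sc := bufio.NewScanner(sums)
	for sc.Scan() {
		f := strings.Fields(sc.Text())
		// Skip blank or malformed lines; "*" marks binary mode in sha256sum output.
		if len(f) != 2 || strings.TrimPrefix(f[1], "*") != name {
			continue
		}
		if !strings.EqualFold(f[0], got) {
			return fmt.Errorf("%w: %s", ErrMismatch, name)
		}
		return nil
	}
	if err := sc.Err(); err != nil {
		return err
	}
	return fmt.Errorf("%w: %s", ErrNotListed, name)
}

func main() {
	// Constructed sample: "abc" stands in for the zip; the version is a placeholder.
	name := "terraform_0.0.0_linux_amd64.zip"
	sums := "ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad  " + name + "\n"
	fmt.Println(VerifyArchive(strings.NewReader("abc"), strings.NewReader(sums), name))
	fmt.Println(VerifyArchive(strings.NewReader("abd"), strings.NewReader(sums), name))
}
```

A matching digest only proves the archive agrees with the checksum file, so the installer should refuse to unpack unless both this check and the signature check on the checksum file succeed.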