Add C:// authenticity validator

[unwriter]

Add a C:// sha256 validator. Could be implemented in a couple of different ways

1. Synchronous: Block the response if the hash doesn't match
2. Asynchronous: Load all, but display a warning if the hash and the content don't match

[mathiasrw]

Like an https site with an invalid certificate, I have a feeling it should be a (big clear) warning - but one should be able to access the content (also good for debug)

[unwriter]

(also good for debug)

Great point.

Yes this was the option I am leaning towards. Also some other benefits of the asynchronous option:

1. Performance: Processing everything in realtime is too resource intensive. Basically if you had 1000 images on a page, you have to run SHA256 for every single one of them whenever you load that page.
2. Simple Implementation: It's much simpler to implement because then it's just a UI issue. Whereas trying to implement realtime transform-and-stream option (and doing it at high performance) would be too much work.