fix(updater): add SHA-256 checksum verification before binary installation #199

Open
bhumika-ks31 wants to merge 2 commits into neutralinojs:main from bhumika-ks31:gsoc-security-fix

@bhumika-ks31

## Summary

This PR fixes a security issue in the updater module where downloaded binaries were written to disk without integrity verification.

Previously, install() downloaded the update binary and directly wrote it to disk without validating authenticity or integrity.

Problem

  • No checksum validation for downloaded update binaries
  • Manifest did not require a checksum field
  • Potential risk of tampered or corrupted update installation

Solution

  • Added checksum (SHA-256 hex) field to the Manifest type
  • install() now verifies the binary hash before writing to disk
  • Uses constant-time comparison to prevent timing attacks
  • Throws NE_UP_UPDCSER error if checksum validation fails
  • checkForUpdates() rejects manifests missing the checksum field

Security Impact

  • Prevents installation of tampered update binaries
  • Enforces manifest integrity requirements
  • Protects against man-in-the-middle or corrupted update attacks

Tests

  • All existing tests pass
  • Added validation for checksum mismatch handling
  • Build successful (npm run build -- --dev)
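
The verification flow this PR description outlines (checksum required in the manifest, SHA-256 of the downloaded bytes compared in constant time, write only after a match), as an added example that is not the PR's code. It uses Node's built-in `crypto` module; the function names, the error shape and the `EX_MANIFEST_NO_CHECKSUM` code are assumptions, and only `NE_UP_UPDCSER` comes from the description.

```javascript
// Added example, not code from the PR. Node's built-in crypto module stands in
// for whichever hashing API the real updater uses.
const { createHash, timingSafeEqual } = require("node:crypto");

const SHA256_HEX = /^[0-9a-fA-F]{64}$/;

function updaterError(code, message) {
  return Object.assign(new Error(message), { code });
}

// Manifest gate: a missing or malformed checksum is rejected up front, so a
// stripped field can never silently disable verification later.
function requireChecksum(manifest) {
  const sum = manifest && manifest.checksum;
  if (typeof sum !== "string" || !SHA256_HEX.test(sum)) {
    // "EX_MANIFEST_NO_CHECKSUM" is a hypothetical code for this example.
    throw updaterError("EX_MANIFEST_NO_CHECKSUM", "manifest has no valid SHA-256 checksum");
  }
  return Buffer.from(sum, "hex"); // always 32 bytes after the regex check
}

// Hash the downloaded bytes and compare digests as raw bytes in constant time.
function verifyDownload(manifest, bytes) {
  const expected = requireChecksum(manifest);
  const actual = createHash("sha256").update(bytes).digest();
  if (!timingSafeEqual(actual, expected)) {
    // NE_UP_UPDCSER is the code named in the PR description.
    throw updaterError("NE_UP_UPDCSER", "update binary checksum mismatch");
  }
}

// Verify first, write second: writeFile is never reached for a bad download.
function installVerified(manifest, bytes, writeFile) {
  verifyDownload(manifest, bytes);
  writeFile(bytes);
  return true;
}

// Constructed sample data.
const goodBinary = Buffer.from("constructed update payload v2");
const sampleManifest = {
  version: "2.0.0",
  checksum: createHash("sha256").update(goodBinary).digest("hex"),
};
const tamperedBinary = Buffer.from("constructed update payload v2 + extra");
```

A checksum is only as trustworthy as the manifest that carries it: if the manifest and the binary arrive over the same channel, whoever can alter one can alter the other, so the manifest needs its own authentication (a trusted TLS origin or a signature).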

@prasu-baran

Hello @bhumika-ks31!
First, a few things you should look at here: I am seeing the files below, which shouldn't be in the commit. I don't see their use here.

  • tatus
  • package-lock.json

Can you explain why the hardcoded strings are being used in the code (const a, const b, or similar)?
Remove those things, and I think you should give some proof, such as a screenshot or screen recording, of how it is working on your system.
