feat(builtins): add verify command (non-standard, file integrity verification)

[chaliy]

Summary

A non-standard builtin that combines checksum generation and verification into a simple workflow. While sha256sum exists, the full verify-against-known-hash workflow is clunky. This wraps the common pattern.

Proposed Syntax

verify [OPTIONS] file [expected-hash]
# or
verify --generate file

Proposed Flags

Flag	Description
-a ALGO	Algorithm: sha256 (default), sha1, md5, sha512
--generate / -g	Output hash for the file
--check FILE / -c FILE	Verify against checksums file (sha256sum format)
-q / --quiet	Only exit code, no output

Use Cases

# Verify a download
verify -a sha256 file.tar.gz "abc123..."

# Generate checksum
verify --generate file.tar.gz
# sha256:abc123...  file.tar.gz

# Check against checksums file
verify --check SHA256SUMS

# Quick integrity check in scripts
if verify -q file.tar.gz "$EXPECTED_HASH"; then
    echo "OK"
fi

llm_hint()

Some("verify: File integrity. `verify file.tar.gz 'abc...'` checks sha256. `verify -g file` generates hash. `-a sha1/md5/sha512`.")

Implementation Notes

• Thin wrapper over existing sha256sum/md5sum/sha1sum builtins
• The value is in the simpler UX: verify file hash vs echo "hash file" | sha256sum -c
• Auto-detects hash algorithm by length if -a not specified

[chaliy]

Documentation Requirements

Since this is a non-standard (invented) builtin, it must be documented in two places:

1. README.md — Add to the "Built-in Commands" table under a new Extensions category row (non-standard bashkit-specific commands, clearly marked as extensions)
2. crates/bashkit/docs/extensions.md — Create or update a dedicated extensions guide covering all invented builtins, with short descriptions, examples, and rationale for why each exists

This ensures users discover these commands and understand they are bashkit-specific, not standard Bash.

[chaliy]

Resolved in PR #585 or #588