fix(perf): pull hashes without refreshing metadata

[stephenplusplus]

Fixes #1338

This PR narrows the conditions for when a metadata refresh is required during a file download.

Before:

1. user calls file.createReadStream()
2. file finishes downloading
3. we call file.getMetadata() to get the remote file's hashes, even if the user disabled data integrity (validation: false)
4. if validation wasn't explicitly disabled, we confirm data integrity, comparing locally computed hashes vs. hashes from the API

After:

1. user calls file.createReadStream()
2. our API call to begin the download grabs the remote file's hashes from the response headers (x-goog-hash)
3. file finishes downloading
4. if validation wasn't explicitly disabled, we confirm data integrity, comparing locally computed hashes vs. hashes from the first call to the API (step 2)

So, one less API call.

[codecov]

Codecov Report

Merging #1419 (1d79a1b) into master (d0c165c) will increase coverage by 0.00%.
The diff coverage is 100.00%.

@@           Coverage Diff           @@
##           master    #1419   +/-   ##
=======================================
  Coverage   99.10%   99.10%           
=======================================
  Files          14       14           
  Lines       12145    12155   +10     
  Branches      529      530    +1     
=======================================
+ Hits        12036    12046   +10     
  Misses        109      109           

Impacted Files	Coverage Δ
src/file.ts	99.94% <100.00%> (+<0.01%)	⬆️

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update d0c165c...1d79a1b. Read the comment docs.

[frankyn]

Reviewed this PR with @shaffeeullah on md5 hashes she'll follow-up on remaining Node.js specific changes:

1. Composed objects will not support md5. Could you add a warning / message to users that it can't be validated because it's a composed object (only md5: https://cloud.google.com/storage/docs/composite-objects#metadata).
2. Could you also add a unit test for this case?

Example of a non-composed GCS Object response headers:

HTTP/1.1 200 OK
X-goog-metageneration: 53
Content-location: https://storage.googleapis.com/storage/v1/b/anima-frank/o/coderfrank?alt=media
Content-disposition: attachment
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Vary: Origin,X-Origin
Content-length: 0
Cache-control: no-cache, no-store, max-age=0, must-revalidate
Etag: CNerzaGOku8CEDU=
X-goog-generation: 1614705373435351
Pragma: no-cache
X-guploader-uploadid: ABg5-UzkhLZtBh_nh_MyJJUrxf2cptQxl5InjXd8jYRhUN31wS_DHiHBctrKCu7RLyi0q_5cZvAdHpj1D7nS9FsgsbI
Date: Mon, 15 Mar 2021 20:48:06 GMT
X-goog-hash: crc32c=AAAAAA==,md5=1B2M2Y8AsgTpgAmY7PhCfg==
Content-type: application/octet-stream
X-goog-storage-class: MULTI_REGIONAL

Example of a composed GCS Object response headers:

HTTP/1.1 200 OK
X-goog-metageneration: 1
Content-location: https://storage.googleapis.com/storage/v1/b/anima-frank/o/coderfrank-composed?alt=media
Content-disposition: attachment
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Vary: Origin,X-Origin
Content-length: 0
Cache-control: no-cache, no-store, max-age=0, must-revalidate
Etag: CNr8/deVs+8CEAE=
X-goog-generation: 1615841237892698
Pragma: no-cache
X-guploader-uploadid: ABg5-UzkOS0YokMzs44P_reufnM5l2idHXaVhKKbsjyQr1OzvgqZtOUIEkahxuFplJfkcylpFQ_4GyEq98JbWocEvt4
Date: Mon, 15 Mar 2021 20:48:59 GMT
X-goog-hash: crc32c=AAAAAA==
Content-type: application/octet-stream
X-goog-storage-class: MULTI_REGIONAL

[stephenplusplus]

I wouldn’t mind tackling that in a follow-up PR, unless you feel strongly it should be included here. This change shouldn’t alter the behavior we currently have, as far as how that situation is handled.

I will add a test for if just one algorithm comes back.

[stephenplusplus]

Test added.

[frankyn]

Thanks @stephenplusplus, LGTM!

Pending @shaffeeullah approval as well.