Include hashes in exported requirements.txt file for zip files

[blueyed]

When using a zip file (e.g. "django-fsm-admin @ https://github.com/infarm/django-fsm-admin/archive/38f2719935be16a7c01d110651ad8ea8383bbe1d.zip") as a dependency, pdm export -f requirements does not include hashes for it, and pip then fails:

ERROR: Hashes are required in --require-hashes mode, but they are missing from some requirements. Here is a list of those requirements along with the hashes their downloaded archives actually had. Add lines like these to your requirements files to prevent tampering. (If you did not enable --require-hashes manually, note that it turns on automatically when any package has a hash.)
https://github.com/infarm/django-fsm-admin/archive/38f2719935be16a7c01d110651ad8ea8383bbe1d.zip --hash=sha256:32bc3205cec3ec83a78dd0fd0b5f02f25d81a9689493c2580c8fdb4e02c6f4ec

It would be good, if those where added automatically already.

Note that I am using a zip file here, since pip does not support it with Git urls:

ERROR: Can't verify hashes for these requirements because we don't have a way to hash version control repositories: …

Using PDM version 1.15.0.