
Include SHA256 from Maven distribution into the maven-wrapper.properties #1577

Closed
mhalbritter opened this issue Oct 16, 2024 · 2 comments
@mhalbritter
Contributor

mhalbritter commented Oct 16, 2024

The maven wrapper supports checking the SHA256 sum of the downloaded maven distribution. To harden security we should put the sha256 hash into maven-wrapper.properties.

@mhalbritter
Contributor Author

We're now including the sha256 of the Maven zip. I've also added tests to detect when we mess up that SHA checksum somehow.

@cdelashmutt-pivotal

Actually, I think there may be a problem with this. It looks like the current Maven Wrapper script that is generated for Maven 3.9.9 includes some logic starting at line 175 that will switch the downloaded file type from .zip to .tar.gz if the unzip command isn't found in the environment you are running mvnw on. (https://github.com/apache/maven-wrapper/blob/maven-wrapper-3.3.2/maven-wrapper-distribution/src/resources/only-mvnw#L175-L179)

This means that the included SHA256 might be wrong when the download URL for the binaries for Maven gets switched to .tar.gz.

It ultimately seems like this might be a deficiency in the Maven wrapper, since it doesn't seem to me that you can specify SHA256 sums for both of the possible downloads that could occur (one for .tar.gz and one for .zip).
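As an added example (not code from this issue, from start.spring.io or from the Maven Wrapper), the check below reads distributionUrl and distributionSha256Sum (the Maven Wrapper's property names) from a maven-wrapper.properties, hashes the archive that would actually be downloaded, and reports the .zip to .tar.gz fallback raised above, where a pinned .zip hash can no longer match. The archive bytes and the properties file are constructed stand-ins, not a real Maven release.

```python
# Added example: verify the distributionSha256Sum pinned in maven-wrapper.properties
# against the archive the wrapper would download, including the .tar.gz fallback case.
import hashlib

# Constructed stand-in for the downloaded Maven archive (not a real release).
ARCHIVE = b"PK\x03\x04 constructed stand-in for apache-maven-3.9.9-bin.zip"
PINNED_SHA256 = hashlib.sha256(ARCHIVE).hexdigest()

# Constructed maven-wrapper.properties; the URL follows the Maven Central layout,
# the hash is that of the stand-in bytes above.
WRAPPER_PROPERTIES = f"""\
# constructed sample, not a generated file
distributionUrl=https://repo.maven.apache.org/maven2/org/apache/maven/apache-maven/3.9.9/apache-maven-3.9.9-bin.zip
distributionSha256Sum={PINNED_SHA256}
"""


def parse_properties(text: str) -> dict[str, str]:
    props: dict[str, str] = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":  # Java .properties comment markers
            continue
        key, _, value = line.partition("=")
        props[key.strip()] = value.strip()
    return props


def verify_distribution(props: dict[str, str], archive: bytes,
                        unzip_available: bool = True) -> tuple[bool, str]:
    """Return (ok, reason) for the archive the wrapper would end up downloading."""
    url = props.get("distributionUrl", "")
    pinned = props.get("distributionSha256Sum")
    if not pinned:
        return False, "no distributionSha256Sum pinned; download is unverified"
    if url.endswith(".zip") and not unzip_available:
        # mvnw swaps the URL to .tar.gz when `unzip` is missing: different file, different hash.
        fallback = url[: -len(".zip")] + ".tar.gz"
        return False, f"wrapper would fetch {fallback}; pinned .zip hash cannot match"
    actual = hashlib.sha256(archive).hexdigest()
    if actual != pinned.lower():
        return False, f"checksum mismatch: pinned {pinned}, got {actual}"
    return True, "distribution checksum verified"


if __name__ == "__main__":
    props = parse_properties(WRAPPER_PROPERTIES)
    print(verify_distribution(props, ARCHIVE))                         # ok
    print(verify_distribution(props, ARCHIVE + b"tampered"))           # mismatch
    print(verify_distribution(props, ARCHIVE, unzip_available=False))  # fallback
```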
