Publish checksums for release downloadable artifacts.

For each mpas-a release there are two downloadable artifacts, a zip file and a gz file, which contain the source code for the release. These files should be checksummed, and the checksums published.
This will enable verifying the integrity of the artifacts after they are downloaded.
