Udate codecov script sha verification on CI

Since the security breach at codecov, we've been verifying the codecov
script before running it.

The codecov sha sum files include an entry for "codecov" which we
use, and another for "env" which we do not.

A recent GitHub Actions image update also seems to have updated sha sum
utilities.  We are now required to provide --ignore-missing for
downloaded codecov sha sum files so that "env" can be ignored and
not cause a failure. This seems like a sensible and conservative
default. So... good!

I verified that if the "codecov" file is missing (in other words
everything is missing), we'll still fail, which is what want.

Author: lread

.github/workflows/code-coverage.yml

@@ -53,7 +53,7 @@ jobs:
         VERSION=$(grep 'VERSION=\".*\"' codecov | cut -d'"' -f2);
         for i in 1 256 512
         do
-          sha${i}sum -c <(curl -s "https://raw.githubusercontent.com/codecov/codecov-bash/${VERSION}/SHA${i}SUM")
+          sha${i}sum -c --ignore-missing <(curl -s "https://raw.githubusercontent.com/codecov/codecov-bash/${VERSION}/SHA${i}SUM")
         done
         echo "Uploading to codecov"
         bash codecov -f target/coverage/codecov.json