feat(upload): manage MCAP checksum verification and stored hash

[05F3759DF]

Context

The final file checksum should be computed and verified during upload, then managed by Keystone or object storage metadata. It should not be written into the MCAP file itself because the checksum is computed after finalization.

Scope

• Accept or compute the finalized MCAP SHA-256 during upload ingestion.
• Verify the uploaded MCAP object against the reported checksum when possible.
• Store checksum, file size, object key, verification status, and verification time in Keystone.
• Make checksum state available to downstream indexing and operations views.
• Handle retry or mismatch cases without corrupting existing metadata records.

Acceptance Criteria

• Keystone stores a verified checksum for MCAP uploads.
• Checksum mismatch is reported as a failed or quarantined upload state.
• MCAP metadata extraction does not depend on the checksum being embedded in MCAP.
• Existing JSON-sidecar uploads remain compatible during migration.
• Tests cover verified upload, checksum mismatch, missing checksum, retry behavior, and metadata/index interaction.

Related

• feat(uploader): compute upload checksum without requiring sidecar JSON axon#98