Description:
This extends archive integrity verification beyond Temurin by wiring checksum validation into the other distributions that already expose checksum metadata, and by surfacing checksum data for Zulu, Liberica, and Oracle.

• Shared verification path

  • Added a common checksum verification helper in JavaBase so installers use the same logging, warning, and error-wrapping behavior.

• Distributions now verifying checksums

  • Adopt legacy fallback, Semeru, Dragonwell, SapMachine, and Corretto now pass release checksum data through to download verification.
  • Zulu and Liberica now map checksum fields from their release APIs into installer metadata.
  • Oracle now fetches the published .sha256 sidecar for the selected archive and verifies against it when available.

• Model / API updates

  • Extended Zulu and Liberica release models to carry checksum fields.
  • Updated Liberica release queries to request sha256 explicitly.

• Test coverage

  • Added assertions that checksum metadata is propagated correctly and that shared checksum verification behavior is exercised across installers.

await this.verifyDownloadedArchiveChecksum(javaArchivePath, javaRelease);

Related issue:
N/A

Check list:

• Mark if documentation changes are required.
• Mark if tests were added or updated to cover the changes.