This repository has been archived by the owner on Jun 17, 2020. It is now read-only.
We can create a deterministic jar file, create a SHA-256 hash from it and upload that with the binaries to GitHub. Users who download the app with the in-app installer will download the hash of the jar to their local data directory, named with the version nr. (e.g. Bisq-0.7.0.jar.txt).
EDITED: After download and restart of the app we verify if the hash of the running jar is the same as the downloaded hash. That happens at startup before any relevant operations have been started.
This will add additional security to ensure the jar file in the binary is not manipulated and matches the code version of the release.
The deterministic jar can be reproduced by anyone from the release commit. Users who don't use the in-app downloader can do the verification manually by either downloading the hash of the jar and adding it to the data directory or by running the hash verification by themselves.
Deterministic builds for the binary itself are unfortunately more complex. Any dev experienced with that is highly welcome to help us get the last mile solved as well.
UPDATE:
It does not make sense to verify from the running jar: if it was modified, the jar check could have been removed, so we do not gain any security by that.
There still might be possibilities to verify the jar inside the binary manually before starting it (at least on OSX it is rather trivial to open the .app file and manually do a check with 'shasum -a 256' on the jar file inside Contents/Java/Bisq-{version}.jar). With .deb it should be possible as well. Not sure if that is possible/easy with exe files.