hashVerifyReader now uses blobgen.Reader.Sum256() for the first hash
instead of maintaining its own sha256 hasher over the same bytes.
Eliminates duplicate SHA-256 computation on every read.
FetchAndDecryptBlob now returns io.ReadCloser with a hashVerifyReader
that computes the double-SHA-256 on-the-fly during reads. Hash is
verified on Close() after the stream is fully consumed. This avoids
loading entire blobs into memory, which could exceed available RAM.
Addresses review feedback on PR #39.
Add double-SHA-256 hash verification of decrypted plaintext in
FetchAndDecryptBlob. This ensures blob integrity during restore
operations by comparing the computed hash against the expected
blob hash before returning data to the caller.
Includes test for both correct hash (passes) and mismatched hash
(returns error).
