Regenerate native_checksums.txt for the current @version.
Hex consumers verify each downloaded NIF tarball against the checksum
pinned in native_checksums.txt, which ships inside the hex package
(and is therefore covered by Hex's package hash in the consumer's
mix.lock). That roots trust independently of the GitHub release the
tarball is fetched from.
Run as part of cutting a release, after release-nif.yml has built
and uploaded the tarballs and the draft release is public. Normally you
invoke it via mix emily.publish, then publish separately with mix hex.publish (two steps on purpose — see MAINTAINING.md). The generated
file is git-ignored: it is packaged at publish time, not committed.
It downloads each supported tarball from the release and computes the
checksum locally (it does not trust the .sha256 sidecars).