Instructions for verifying the sha256sum file belong on the verifying-signatures page.
Right now we have instructions on verifying the build on our FAQ page (https://www.torproject.org/docs/faq#VerifyDownload), which is not the best format for new documentation. It makes sense to instead provide these instructions alongside the rest of our documentation on verifying the integrity of our software with GPG, at https://www.torproject.org/docs/verifying-signatures. Erinn has asked me not to edit the signature verification page directly, so I'm instead attaching a patch of what I had in mind.
If my patch does not reflect the direction we want to take our documentation, we could also think about other ways of getting build verification instructions off the FAQ; for example, creating a dedicated wml page on the deterministic build system.