Make it easier to verify that the unsigned apk from a build is matching the signed apk we published

I think we can have a script or makefile command to make it easier for someone who rebuilt tor browser to check that the unsigned apk from their build is matching the signed apk we published.

To do that I think we can use apksigcopier: https://github.com/obfusk/apksigcopier

To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information