
Document how to verify reproducibility of build of a Mullvad/Tor Browser release

I think many users don't know that our builds are reproducible, or how they can rebuild to verify that they get a matching build.

We could generate a reproducible-build.txt file in the release directory containing the following information:

  • which git repository to clone
  • which commit to checkout
  • which command to use to start the build
  • which sha256sums to expect after the build finished
  • how to remove embedded signatures from exe and mar files we publish to check that they match the unsigned build
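
A sketch of the comparison step from the list above, added here as an example; it is not part of the original issue or of the project's tooling. It checks files in a directory against a sha256sum-style list and separately flags mismatching .exe and .mar files, the two formats the issue says carry embedded signatures that must be removed before comparing. The file names, list format and status strings are assumptions.

```python
import hashlib
import tempfile
from pathlib import Path

SIGNED_EXTS = {".exe", ".mar"}  # formats the issue says carry embedded signatures

def parse_sums(text):
    """Parse sha256sum-style lines: '<hex>  <name>' or '<hex> *<name>'."""
    expected = {}
    for line in filter(None, map(str.strip, text.splitlines())):
        digest, name = line.split(maxsplit=1)
        name = name.lstrip("*")
        # Reject short digests and names that would escape the build directory.
        if len(digest) != 64 or Path(name).name != name:
            raise ValueError(f"malformed entry: {line!r}")
        bytes.fromhex(digest)  # raises ValueError on non-hex characters
        expected[name] = digest.lower()
    return expected

def sha256_file(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()

def compare(expected, build_dir):
    """Return {name: status} for every file named in the expected sums."""
    result = {}
    for name, digest in expected.items():
        path = Path(build_dir) / name
        if not path.is_file():
            result[name] = "missing"
        elif sha256_file(path) == digest:
            result[name] = "match"
        elif path.suffix in SIGNED_EXTS:
            result[name] = "mismatch-signed-format"  # strip signature, recheck
        else:
            result[name] = "mismatch"
    return result

def demo():
    """Constructed sample: file names and contents are made up."""
    with tempfile.TemporaryDirectory() as d:
        (Path(d) / "browser-linux.tar.xz").write_bytes(b"unsigned build")
        (Path(d) / "browser-installer.exe").write_bytes(b"build+signature")
        good, bare = (hashlib.sha256(b).hexdigest() for b in (b"unsigned build", b"build"))
        sums = f"{good}  browser-linux.tar.xz\n{bare} *browser-installer.exe\n{'0' * 64}  browser-update.mar\n"
        return compare(parse_sums(sums), d)
```

A "mismatch-signed-format" result is not a verdict on reproducibility: it only means the file should be compared again after its embedded signature has been removed.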