There's a closed pull request on the void-packages repository

RFC: Check for reproducible builds.
https://github.com/void-linux/void-packages/pull/30588

Description:
### Introduction

In void-packages the packages are anything but reproducible. Many other distributions, first and formost [NixOS](https://nixos.org/) and even [Debian](https://wiki.debian.org/ReproducibleBuilds) already did a lot of work to generate packages with stable checksums. Void's build system is able to do something similiar - with a few constraints - without much work.

### This is a starting point, not more.

As a first step to actually get an idea how bad the situation is I implemented a simple checker that compares the checksum of packages defined in templates to the actual result and spits out warnings they don't match.

This also introduces new variables to the templates:

`pkg_checksum_<arch>`, where <arch> is a sanitized version of the resulting architecture (`x86_64_musl` for `x86_64-musl` for example)

### Constraints:

* the packages are currently build with the githash backed in. This is an issue as the build is only stable within a certain commit.

### ToDo

* The documentation is currently not done, but will be added later.
* Find a way to make our package format reproducable across commits.