CloudStream is missing dependency verification

[fire-light42]

Cloudstream is currently missing dependency verification.

This would prevent supply chain attacks and add more trust in the build process. This is especially useful for us as we fully rely on automated builds for pre-release. Adding it would increase dependency management overhead but I feel like the increased security is worth the cost.

Should we add it? Opinions are welcome!

[fire-light42]

@Luna712 You are the main contributor in regards to Gradle management and dependency updates, what do you think?

[Luna712]

I can work on this once I finish my work on AGP 9 with built-in Kotlin support which is only one PR away once #2285 and #2582 are merged as well as some of my work in recloudstream/gradle for extensions to support it. But I agree this is probably a good idea.