scripts: verify version in manifest

To make a downgrade attack harder, we also check that the version string
is contained in the manifest, on the same line as the hash.
Oliver Gugger
2021-09-27 11:03:16 +02:00
parent 5bafff2cf2
commit d7d1574095


@@ -231,7 +231,7 @@ function check_hash() {
fi
fi
if ! grep -q "^$SUM" "$TEMP_DIR/$MANIFEST"; then
if ! grep "^$SUM" "$TEMP_DIR/$MANIFEST" | grep -q "$VERSION"; then
echo "ERROR: Hash $SUM for $2 not found in $MANIFEST: "
cat "$TEMP_DIR/$MANIFEST"
echo " The expected release binaries have been verified with the developer "
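Review bot: The added `grep -q "$VERSION"` on the new `if` line is an unanchored regular-expression match, so the dots in the version act as wildcards and any longer string that merely contains the version (for example one with a suffix appended) also passes the check. Matching it as a fixed string, `grep -qF -- "$VERSION"`, removes the regex interpretation; anchoring the match to the delimiters around the version in the manifest's file-name column would close the substring case as well, though the manifest format is not visible here. The error text that follows still reports only that the hash was not found, so a version mismatch would be reported as a missing hash; naming `$VERSION` in that message would make the failure easier to diagnose. check_hash begins and ends outside this hunk.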