Post audit: update ARM to show how to confirm source code integrity

Another proposal by @manu's audit. We should document how to check the integrity of the source code (and packages, too).

With the SBOM being increasingly focused, this is an important aspect. Fortunately, it's very easy doc update.

To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information