Previously, anyone tampering with the network could have modified the
toolchain source code in transit and the build would have proceeded as
expected.
With this patch, we can ensure that we're getting the expected
tarballs from upstream.
If the required toolchain packages change in the future, the sha256
digests of the new packages should be updated in Makefile as well.
Updated-by: Oleksij Rempel <linux@rempel-privat.de>