commitpkg: disallow if PKGBUILD hash mismatches package's enclosed hash

Several cases showed that we release packages that were built with different PKGBUILDs than the one commited to the source tree. This is bad for obvious reasons plus sploils reproducible builds.

We, under no circumstances, want to allow using commitpkg to publish and release a packages whose PKGBUILD doesn't match the one to be commited.