fix(ci): verify LuaRocks tarball checksum before install

[shreemaan-abhishek]

Description

utils/linux-install-luarocks.sh downloads the LuaRocks source tarball with wget and immediately extracts and builds it without any integrity verification. This means a corrupted download or a compromised/MITM'd fetch would be built and installed silently.

This change hardens the install step against supply-chain tampering by pinning the expected SHA256 of the LuaRocks tarball and verifying it with sha256sum -c - before extraction. If the checksum does not match, the script fails fast instead of building untrusted code.

How:

• Pin LUAROCKS_SHA256 for the already-pinned LUAROCKS_VER=3.12.0.
• Download to an explicit output path, then verify the checksum, then extract.

The expected hash 745e3c5df2f955ecaf60ba1361cfc224564ef7ec210e9a784a3858ae853e9f7c was confirmed by downloading https://github.com/luarocks/luarocks/archive/v3.12.0.tar.gz and computing its SHA256.

Checklist

• I have explained the need for this PR and the problem it solves
• I have explained the changes or the new features added to this PR
• I have added tests corresponding to this change
• I have updated the documentation to reflect this change
• I have verified that this change is backward compatible (If not, please discuss on the APISIX mailing list first)