feat: validate downloaded archive

[joejordanbrown]

Fixes #96

This checks if the downloaded archive is valid.

Tested with Envato Market updater, It failed because it stores an invalid download URL in plugin updates. SatisPress uses that URL and it downloads the HTML page and not the plugin/theme archive.

Should fix any plugin updater that fails with auth issues too.

Possible improvements: It could add extra checks for an empty archive or the correct depth of the plugin.

ping: @bradyvercher

[joejordanbrown]

@bradyvercher any update? Since every time we update this plugin, we have to patch this in to fix invalid archives.

I've seen your branch that includes new features which will come in super handy once in the master, thanks for the great plugin and constant improvements.

Even with that branch features update, this would be an issue because we've monitored a number of times when an update server goes down it doesn't always return an error response so you end up downloading the HTML error page as an invalid archive.

[bradyvercher]

Thanks for the pull request and for following up on this, @joejordanbrown! I agree that a validator is a necessity at his point and had been messing around with a few ideas a couple months ago. I was thinking about something a little more robust, but this might be a good short term fix with the goal of abstracting the validation logic in the future to make it testable.

[bradyvercher]

This should be good to go in version 0.7.