Use minisign to verify tarball

[hendriknielaender]

Use the official minisign to verify the downloaded zig version.

https://ziglang.org/download/

[jinzhongjia]

for verifing tarball, we can use this lib, https://github.com/jedisct1/zig-minisign/tree/main

[hendriknielaender]

Since the RFCs specs are relatively small, I would prefer if we built it into zvm. We also only need the verification part.