feat(storage): enable default CRC32C checksum validation for object downloads

[salilg-eng]

Overview

Enables full object checksum validation (CRC32C by default) across GCS JSON read paths, covering all four download methods: downloadAsString, downloadToFile, downloadAsStream, and downloadAsStreamAsync.

It integrates a HashValidatingStream decorator that computes hashes on-the-fly and validates them upon reaching the end of the stream.

Key Features

• CRC32C by Default: Prioritizes lightweight, hardware-accelerated CRC32C validation.
• MD5 Fallback: Automatically falls back to validating MD5 if a CRC32C hash is not available on the GCS object.
• Configurable Options: Supports user overrides through the 'validate' parameter (crc32, md5, or false to disable).
• Subrange Bypass: Bypasses checks automatically on partial range downloads (HTTP 206 Partial Content) where full object validation is incompatible.

Buganizer Tasks Resolved

• Fixes b/514548528 ([PHP] SDK: Full object checksum for all JSON and XML Reads as well)

Testing

• Added new unit tests in HashValidatingStreamTest.php.
• Added sync/async integration test cases inside RestTest.php.

[gemini-code-assist]

Code Review

This pull request implements on-the-fly hash validation for object downloads using a new HashValidatingStream decorator. The Rest connection class is updated to wrap download streams and validate them against CRC32C or MD5 headers. Feedback identifies a potential issue where seeking on the decorated stream could corrupt hash calculations, suggesting that seeking should be explicitly disabled in the HashValidatingStream class.