When preparing a bugfix release, or when one has correctly resolved
merged conflicts in the previous step, this operation is a no-op.
That's fine. But let's keep it around as a fail-safe, in case
a mistake was made during the merge conflict resolution previously.

Most RMs should already have Git/SSH configuration to use torsocks
for our canonical Git repo.

When I automated this step, I was confused due to the problem I've fixed in the
previous commit, so I wrote code that checks the published products against the
IDF, while here we want to check the locally built products against the IDF.

Granted, here again, this was valid *transitively*, because of the implicit (and
so far correct) assumption that, at this point, we've already verified that what
we have built matches SHA512SUMS.txt, and that the published products match
SHA512SUMS.txt too, so both sets of products are equivalent at this point.

Still, for the same reason as in the previous commit, let's simplify and
directly do the check we want.

The previous instructions did the check we want… *transitively*: we checked that
the published products matched SHA512SUMS.txt, in a step that claims to
compare them with locally built products; this was only valid because
of the implicit (and so far correct) assumption that, at this point,
we've already verified that what you have built matches SHA512SUMS.txt.

This adds complexity and makes it needlessly hard to understand and review
this process. Instead, let's directly do the check we want.