Add support for checksum verification of must-use plugins

[schlessera]

As discussed in #26 (comment) , the plugin checksum verification currently ignores must-use plugins.

Should these be checked by default? ... or only through an additional flag?

I think I'd prefer to have them be included in the checks by default, with a flag to omit them if they should cause trouble.

[szepeviktor]

Where would checksums of MU plugins come from?

[schlessera]

The plugin header file can be checked to retrieve the plugin slug.

This works well for normal plugins that were moved into the mu-plugins folder and an MU-loader system like the one from Bedrock or WP-Starter takes care of actually loading them.

It won't work so well for:

1. Individual plugin files that were put there just to trigger the loading of a subfolder plugin.
2. Individual plugin files that contain custom logic for that site.

For now, we should throw warnings when 1. or 2. are found, as erroring out would make MU-plugins mostly unusable in terms of checksum verification.

[szepeviktor]

I solve a lot of problems in single-file MU plugins.
At least 10 MU-s are installed per site.

It would be great to have checksums in a list like

mu-file-name.php<TAB>hash-hash-hash

owned by root and having 0644 permissions.