Validate should always compare to local checksum #1281
Description
Currently the validate goal works by creating the ChecksumCalculator that is specified in the config. That is, if checksum calculator is "remote" it will use a RemoteChecksumCalculator. It then compares the lockfile as saved, and the newly generated lockfile with each other. This would not catch local tampering attemps, only check that the remote repository has not changed their files.
I propose we should always use the local checksum calculator when performing a validate.