contrib: rav1e: don't download the vendor tarball until it's available

We cannot rely on a valid SHA-512 until we have the matching tarball updated.

The SHA-512 system for vendor tarball has been tested with a locally generated tarball.

---

v2

• touch all the files in the generated tarball so they have a predicatable date
• always check the vendor tarball checksum, the generated one always has the same checksum now
• merge the vendor tarball generation in the download_macro so it's all done in one call

---

v7:

• give up on trying to have the same tarball generated on all platforms, there are too many variable parameters than can make the tarball different
• mark the generated tarball as not needing a checksum validation
• if the tarball is deleted, that "marker" will also be deleted before trying to download the vendor tarball again
• given we don't have reliable hash, we should not overwrite the one in the source directory with our local one to avoid future source conflict
• we also don't need a proper hash somewhere else since we should trust our local folders to be safe, plus it's tricky to generate a usable hash in a portable way