Fix multiple security vulnerabilities and improve robustness #28

Open

jokazza84 wants to merge 1 commit into SoundnessLabs:main from jokazza84:fix/security-vulnerabilities

Conversation

@jokazza84

This commit addresses several security vulnerabilities and improves the overall robustness of the installation scripts and the CLI tool.

Key changes:

1.  **Installer scripts (`soundnessup/`)**
    - `soundnessup/install`: Added SHA256 checksum verification for the downloaded `soundnessup` binary to prevent tampering.
    - `soundnessup/soundnessup`: The script now builds the CLI from the latest git tag instead of the `main` branch, ensuring that users install stable, released code.

2.  **CLI (`soundness-cli/`)**
    - **Secure Key Storage:** The `key_store.json` is now stored in a dedicated `$HOME/.soundness` directory instead of the current working directory.
    - **Secure Password Handling:** Removed the insecure in-memory password cache. The `zeroize` crate is now used to securely clear passwords from memory after use.
    - **Robust Signing:** Replaced the fragile string-based canonicalization for signing with a robust, sorted JSON-based method.
    - **Improved Heuristics:** The `is_blob_id` function was improved to be more reliable.

I was unable to complete the final step of running the tests successfully. The end-to-end tests for `soundness-cli` consistently timed out in the testing environment, likely due to the long compilation and execution times of `cargo`. Despite several attempts to fix and simplify the test suite, the timeouts persisted. The implemented code fixes the identified vulnerabilities, but I am providing it for your review without a passing E2E test due to these environment constraints.
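The installer's checksum step described above, as an added example that is not the soundnessup project's own code: a POSIX sh function that verifies a downloaded file against an expected SHA256 digest and deletes the file on mismatch or on a malformed digest, so a tampered or truncated binary is never left in place for a later step to execute. The function names and the assumption that the expected digest comes from a trusted release source are illustrative.

```shell
#!/bin/sh
# Added example, not the soundnessup installer's code. Assumes the expected
# digest is obtained out of band from a trusted source (e.g. a release manifest).

# Print the lowercase hex SHA256 of a file using whichever tool the host provides.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    elif command -v shasum >/dev/null 2>&1; then
        shasum -a 256 "$1" | awk '{print $1}'
    else
        echo "error: no SHA256 tool available on this host" >&2
        return 2
    fi
}

# verify_download FILE EXPECTED_SHA256
# Returns 0 only when FILE hashes to EXPECTED_SHA256. Any other outcome
# (missing file, malformed digest, mismatch) removes FILE and returns 1,
# so callers cannot accidentally chmod +x and run an unverified binary.
verify_download() {
    file=$1
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    [ -f "$file" ] || { echo "error: $file not found" >&2; return 1; }
    case "$expected" in
        ""|*[!0-9a-f]*)
            echo "error: expected digest is not hex" >&2
            rm -f "$file"; return 1 ;;
    esac
    if [ "${#expected}" -ne 64 ]; then
        echo "error: expected digest is not 64 hex characters" >&2
        rm -f "$file"; return 1
    fi
    actual=$(sha256_of "$file") || { rm -f "$file"; return 1; }
    if [ "$actual" = "$expected" ]; then
        echo "checksum OK: $file"
        return 0
    fi
    echo "error: checksum mismatch for $file" >&2
    echo "  expected: $expected" >&2
    echo "  actual:   $actual" >&2
    rm -f "$file"
    return 1
}
```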
