Comment 33 for bug 1549483

I took the liberty of rewriting the note to be more clear about the extent of the attack (i.e., the user cannot manipulate the checksum, just the data) and to be more clear about how images can be shared out in Glance and what policies govern this. But I'm not a security guy, so Tristan and Luke may need to rewrite. Also, I will grab Nikhil from Glance coresec to read over for accuracy.