lib: update for which file we look for hashes
The hashes of modified files are now stored in file *.files-sha256sum instead of *.files-sha256.
It turns out that we also were not reading the *.files-sha256 and thus move of modified files actually did not work.
Implements #320 (closed).
Note: we do not have to update updater to first to ensure security as this is hash file for files in package not the other way around. The change in file in package causes change of hash of package and thus in index (that is what we check) and thus there is no need for updating updater early to prevent some kind of injection. This only affects case when we read already installed packages on the system.