Rebar3 blows up if a package is reverted in hex and then republished

[tsloughter]

I published opentelemetry_api 0.3.0 to hex. Then I used it in a project, resulting in the local registry cache adding an entry for it.

Discovering it hadn't included the include dir in the package I quickly deleted the package from hex. I then published a working version and tried to upgrade to it from the app that had used the old version:

===> Downloaded package, caching at /home/tristan/.cache/rebar3/hex/hexpm/packages/opentelemetry_api-0.3.0.tar
{"init terminating in do_boot",{function_clause,[{rebar_fetch,format_error,[{error,{rebar_pkg_resource,{bad_registry_checksum,<<"opentelemetry_api">>,<<"0.3.0">>,79647244256902647848052572520485788978681061864280585984879212460883111972097,42317814571946800557844840886808848114195326720416036805575144283794517908172}}}],[{file,"/tmp/cirrus-ci-build/src/rebar_fetch.erl"},{line,74}]},{rebar3,handle_error,2,[{file,"/tmp/cirrus-ci-build/src/rebar3.erl"},{line,343}]},{init,start_em,1,[]},{init,do_boot,3,[]}]}}
init terminating in do_boot ({function_clause,[{rebar_fetch,format_error,[{_}],[{_},{_}]},{rebar3,handle_error,2,[{_},{_}]},{init,start_em,1,[]},{init,do_boot,3,[]}]})

We need a proper format_error function here. And with useful instructions on what might have happened.. It is a tough case though, just saying "delete the local registry cache" is wrong since it could actually be someone planting a hijacked version...