Don't cache resources we can't generate properly

Summary:
Fixes T10843. In a multi-server setup, we can do this:

• Two servers, A and B.
• You push an update.
• A gets pushed first.
• After A has been pushed, but before B has been pushed, a user loads a page from A.
• It generates resource URIs like /stuff/new/package.css.
• Those requests hit B.
• B doesn't have the new resources yet.
• It responds with old resources.
• Your CDN caches things. You now have a poisoned CDN: old data is saved in a new URL.

To try to avoid this with as little work as possible and generally make it hard to get wrong, check the URL hash against the hash we would generate.

If they don't match, serve our best guess at the resource, but don't cache it. This should make things mostly keep working during the push, but prevent caches from becoming poisoned, and everyone should get a working version of everything after the push finishes.

Test Plan:

• curl'd a resource, got a cacheable one.
• Changed the hash a little, curl'd again. This time: valid resource, but not cacheable.

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T10843

Differential Revision: https://secure.phabricator.com/D15775