Remove downloaded SHA256.sig if signature validation fails

Without the "noclobber" setting we would have overwitten with an empty
file and best not to leave a failed file around.

Noticed by florian@

0 files changed, 0 insertions, 0 deletions