update: add stricter checking when updating repo index using rsync

update: add stricter checking when updating repo index using rsync

rsync uses the modification time and size of the file when deciding whether
to update a file.  These are relatively easy to control in malicious code,
so instead make rsync use a full MD5 checksum when decided whether the
index needs to be updated.  I suppose we could add an option to use
checksum checking on all files, but since the signed repo already provides
a checksum check, it seems not worth the added load on the process.

Also, renamed 'index' to 'indexxml' to make it clear what is the XML and
what is the JAR.