It turns out that some of the dependencies in the Google Offline Components
downloadable maven repository have difference to the ones Google publishes
to maven.google.com. WTF. In any case, the new Gradle Dependency
Verification feature handles this gracefully. I manually verified the
diffs between the two using diffoscope. One just differed by timestamps in
the ZIP header, and the other just differed by linefeeds at the end of the
file. Then I generated this metadata update using:
`./gradlew --write-verification-metadata pgp,sha256`
* https://developer.android.com/studio#offline
708a6d8dbd