chore: missed commit

Signed-off-by: habeck <habeck@us.ibm.com>

Author: tedhabeck

.env.example

@@ -162,3 +162,15 @@
 # PLUGINS_GRPC_SERVER_SSL_ENABLED=
 
 
+
+### Package Integrity Verification
+# Enable SHA256 hash verification for PyPI packages (default: True)
+# When enabled, downloaded packages are verified against hashes from PyPI's JSON API
+# Recommended: Keep enabled for security
+# PLUGINS_VERIFY_PACKAGE_INTEGRITY=True
+
+# Strict integrity mode (default: False)
+# When True: Fail installation if package hashes are unavailable
+# When False: Warn but continue if hashes are unavailable
+# Recommended: False for development, True for production
+# PLUGINS_STRICT_INTEGRITY_MODE=False