This is just an added step for security. Now, if an extension file gets compromised, Pixelorama can detect the mismatch between the file's SHA256 and the SHA256 from the extension repository, and refuse to install the extension.
For example, someone with malicious intent could gain access to the repository where the extension file is hosted, and replace it with a different file. Before this commit, the malicious file would be downloaded normally, but now, since the file will change, so will its SHA-256 hash, so Pixelorama will be able to detect the mismatch and recognize that it is potentially malicious.
The preferences code only handles the UI-related stuff, while HandleExtensions is now solely responsible for extension enabling, loading and uninstalling. This makes it possible to handle extensions without having the preferences dialog be in the middle.
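
The SHA-256 check described above, sketched in Python as an added example; it is not Pixelorama's own code. The function names, the `.download` suffix and the sample payloads are constructed for illustration, and it assumes the expected hash arrives as a hex string from the extension repository entry.

```python
import hashlib
import hmac
import os
import re
import tempfile

_SHA256_HEX = re.compile(r"[0-9a-f]{64}")


def sha256_of_file(path, chunk_size=65536):
    """Hash the file in chunks so a large download is never read into memory at once."""
    digest = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def verify_download(path, expected_sha256):
    """Return True only if the file's SHA-256 equals the hash listed for it.

    A mismatch, or a missing or malformed expected hash, counts as failure:
    the file is deleted and False is returned (fail closed).
    """
    expected = (expected_sha256 or "").strip().lower()
    ok = bool(_SHA256_HEX.fullmatch(expected)) and hmac.compare_digest(
        sha256_of_file(path), expected
    )
    if not ok:
        os.remove(path)  # refuse to install: do not keep the unverified file
    return ok


def demo():
    """Constructed cases: intact download, replaced file, entry with no hash."""
    original = b"constructed extension payload v1"
    listed = hashlib.sha256(original).hexdigest()  # hash the repository entry would carry
    cases = [
        ("intact", original, listed.upper()),  # hex case must not matter
        ("replaced", b"constructed replacement payload", listed),
        ("no_hash", original, ""),
    ]
    results = {}
    for label, body, expected in cases:
        fd, path = tempfile.mkstemp(suffix=".download")
        with os.fdopen(fd, "wb") as f:
            f.write(body)
        results[label] = (verify_download(path, expected), os.path.exists(path))
        if os.path.exists(path):
            os.remove(path)  # clean up the accepted sample file
    return results
```

The check only helps when the listed hash is fetched from a location that someone who replaced the file cannot also modify.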