
verifier_tools/verify: Add cache for tree leaf download. #6

Merged: billy-lau merged 1 commit into android:main from billy-lau:main on Jun 12, 2026



@billy-lau

Member

This change vastly improves execution time and bandwidth consumption when performing the inclusion proof test repeatedly, especially when doing that against hundreds of apps at a time.

verifier.go:

  • removed a superfluous trailing forward slash char in log base url.
  • now calls the revised BinaryInfosIndex function.

reader.go:

  • modified the BinaryInfosIndex function to take the size of tree as parameter, and reads from cache instead of directly downloading from URL.
  • introduced a readCachedInfoFile function that tries to read from temp local storage for existing content before downloading from URL.
    • the freshness of the cached content is checked against the log checkpoint, which is always downloaded per call.

Change-Id: Ia3a8e790e26ff352635215fd257447f9263f3437

@gemini-code-assist (Bot) left a comment


Code Review

This pull request introduces a local caching mechanism for binary info files in the transparency log verifier to avoid redundant downloads. It updates BinaryInfosIndex to accept a treeSize parameter and cache files locally using the user's cache directory. The review feedback highlights a potential path traversal vulnerability where binaryInfoFilename is used directly in the cache path construction, recommending sanitization with filepath.Base. Additionally, the reviewer notes issues with the cleanup logic, specifically glob pattern injection and aggressive cache invalidation that could disrupt concurrent runs, suggesting a safer directory-reading approach with age-based deletion thresholds.


Comment thread verifier_tools/verify/internal/tiles/reader.go
Comment thread verifier_tools/verify/internal/tiles/reader.go Outdated
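
The two points raised in the review above (path traversal through the file name, and glob-based cleanup that deletes too eagerly) can be handled as in the following added example, which is not code from this pull request or from the project. The function names `safeCachePath` and `pruneStale` and the `<treeSize>_<name>` cache file layout are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"os"
	"path/filepath"
	"strings"
	"time"
)

// safeCachePath returns <cacheDir>/<treeSize>_<base(name)> (assumed layout).
// filepath.Base drops directory components, so "../../x" stays in cacheDir.
func safeCachePath(cacheDir string, treeSize uint64, name string) (string, error) {
	base := filepath.Base(name)
	if base == "." || base == ".." || base == string(filepath.Separator) {
		return "", fmt.Errorf("invalid cache file name %q", name)
	}
	return filepath.Join(cacheDir, fmt.Sprintf("%d_%s", treeSize, base)), nil
}

// pruneStale deletes cached copies of name older than maxAge and returns them.
// Entries come from os.ReadDir and are compared as literal strings, so glob
// metacharacters are never expanded and recent entries (concurrent runs) stay.
func pruneStale(cacheDir, name string, maxAge time.Duration, now time.Time) ([]string, error) {
	entries, err := os.ReadDir(cacheDir)
	if err != nil {
		return nil, err
	}
	var removed []string
	for _, e := range entries {
		_, rest, ok := strings.Cut(e.Name(), "_")
		if e.IsDir() || !ok || rest != filepath.Base(name) {
			continue
		}
		info, err := e.Info()
		if err != nil || now.Sub(info.ModTime()) < maxAge {
			continue
		}
		if os.Remove(filepath.Join(cacheDir, e.Name())) == nil {
			removed = append(removed, e.Name())
		}
	}
	return removed, nil
}

func main() {
	p, err := safeCachePath(os.TempDir(), 42, "../../escape.bin") // constructed input
	fmt.Println(p, err)
}
```
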
This change vastly improves execution time and bandwidth
consumption when performing the inclusion proof test repeatedly,
especially when doing that against hundreds of apps at a time.

verifier.go:
- removed a superfluous trailing forward slash char in log base url.
- now calls the revised `BinaryInfosIndex` function.

reader.go:
- modified the `BinaryInfosIndex` function to take the size of tree
  as parameter, and reads from cache instead of directly downloading
  from URL.
- introduced a `readCachedInfoFile` function that tries to read from
  temp local storage for existing content before downloading from URL.
  - the freshness of the cached content is checked against the log
    checkpoint, which is always downloaded per call.

Change-Id: Ia3a9e790e26ff352635215fd257447f927d7fd24
@billy-lau merged commit 0838ae6 into android:main on Jun 12, 2026
6 checks passed