Some way to pass "--hash" on the CLI or to ignore file:/// uris when using --require-hashes

Currently I’m working around this with a custom install command, that hashes any file requirement arg and puts it into a requirements file before passing it onto pip here:

I’m also proposing to use this work-around in tox

I think it would be neater to have a --require-hashes-only-for-remote-requirements flag or similar