Some way to pass "--hash" on the CLI or to ignore file:/// uris when using --require-hashes

Currently I’m working around this with a custom install command, that hashes any file requirement arg and puts it into a requirements file before passing it onto pip here: https://github.com/PyCQA/modernize/pull/228/files#diff-256be86b218458267e29f38e19906417R72

I’m also proposing to use this work-around in tox https://github.com/tox-dev/tox/issues/1672

I think it would be neater to have a --require-hashes-only-for-remote-requirements flag or similar