Challenges and Implications of Verifiable Builds for Security-Critical Open-Source Software