For now, 2 official places can be found to download the Daedalus Wallets:
But no SHA256 (or MD5, etc.) for the wallets can be found in either the address above. Sometimes people want to check the authenticity of the file downloaded, so I think it’s better if they are provided.
This may also help those who download the wallets from other server, for they just have poor internet connection to these sites.
You’re right that a method verifying authenticity should be provided. It should be cryptographic signatures though instead of hashes, because hashes are just as easily forged as installers themselves and can give you a false sense of security. Last I checked the Mac and Windows releases were signed by someone, but there should be a well defined step-by-step method for users to verify that it’s signed by IOHK, like this.
Update: The newly released Daedalus installers are PGP signed and have clear, step-by-step instructions on how to verify. SHA256 checksums are provided as well, but those are not to be trusted blindly.