Feature Request

• Yes, I reviewed the contribution guidelines.

Describe your use case and the problem you are facing

Someone installed malware on my server. It came in two parts:
• modifying wp-includes/general-template.php
• adding temp/modules.php

wp core verify-checksums caught the first case but not the second.

Describe the solution you'd like

Any unexpected files (outside wp-content) should result in an error.