paragonie / EasyRSA

Simple and Secure Wrapper for phpseclib

Home Page: https://paragonie.com

Discussion: the purpose of a checksum

zerkms opened this issue · comments

In the \ParagonIE\EasyRSA\EasyRSA::encrypt you're calculating a checksum as

        $checksum = \substr(
            \hash('sha256', $packaged),
            0,
            16
        );

What is the purpose of that? Especially since it does not contain any secret part.

Is it simply against data corruption? Just to avoid even trying to decrypt it when data was corrupted during transmission?

commented

The total message format is:

V || K || M || C

Where:

  • V is the version tag
  • K is the RSA-encrypted key
  • M is the encrypted message (authenticated encryption provided by defuse/php-encryption)
  • C is a checksum of V || K || M.

> Is it simply against data corruption? Just to avoid even trying to decrypt it when data was corrupted during transmission?

Yep. It's not meant to replace a MAC.
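
As an added illustration (not code from EasyRSA or from this thread), the sketch below builds the V || K || M || C layout with the same truncated SHA-256 checksum and shows that it catches a flipped byte but not a repackaged message, since no secret goes into C. The `$` separator, the function names and the field values are assumptions made for the example.

```php
<?php
declare(strict_types=1);

// Constructed stand-ins: in the library, K is the RSA-encrypted key and M is
// the defuse/php-encryption ciphertext. Here they are placeholder strings.
const SEP = '$'; // hypothetical field separator, assumed for this sketch

/** Checksum as in the snippet quoted in the issue: first 16 hex chars of SHA-256. */
function checksum(string $packaged): string
{
    return \substr(\hash('sha256', $packaged), 0, 16);
}

/** Build V || K || M || C, where C covers V || K || M. */
function pack_message(string $v, string $k, string $m): string
{
    $packaged = $v . SEP . $k . SEP . $m;
    return $packaged . SEP . checksum($packaged);
}

/** Return V || K || M when the trailing checksum matches, null otherwise. */
function check_message(string $message): ?string
{
    $pos = \strrpos($message, SEP);
    if ($pos === false) {
        return null; // no checksum field at all
    }
    $packaged = \substr($message, 0, $pos);
    $given    = \substr($message, $pos + 1);
    return \hash_equals(checksum($packaged), $given) ? $packaged : null;
}

$msg = pack_message('V1', 'rsa-wrapped-key', 'aead-ciphertext');

// Case 1: accidental corruption in transit (one bit flipped inside K).
$corrupted    = $msg;
$corrupted[5] = \chr(\ord($corrupted[5]) ^ 0x01);
echo 'corrupted copy rejected by checksum: ',
    \var_export(check_message($corrupted) === null, true), "\n";

// Case 2: M replaced and C recomputed. C has no secret input, so it matches.
$altered = pack_message('V1', 'rsa-wrapped-key', 'different-ciphertext');
echo 'repackaged copy accepted by checksum: ',
    \var_export(check_message($altered) !== null, true), "\n";
// Rejecting case 2 is left to the authenticated encryption that protects M.
```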