
Use hash_equals instead of double HMAC approach for signature comparison #29

@rbone

See #28 for what prompted this.

We're currently using a double HMAC approach for signature comparison, as that was the only way for us to securely compare HMAC signatures without making it a breaking change, as the hash_equals function we need isn't available until PHP 5.7, and we support PHP 5.5+.

When we roll out our next major version we should increase the minimum PHP version to 5.7 or higher, and swap to using hash_equals.
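
The two comparison approaches this issue discusses, side by side, as an added example that is not part of the original issue or the project's own code. The function names `doubleHmacEquals` and `verifySignature`, the choice of SHA-256, and the sample secret and payload are assumptions made for illustration.

```php
<?php
// Added example. doubleHmacEquals() and verifySignature() are hypothetical
// names, not the project's API.

/**
 * Double HMAC comparison: re-MAC both values under a fresh random key and
 * compare the results. The caller of the API never learns the random key, so
 * where the === comparison stops early says nothing useful about the bytes
 * of the expected signature.
 */
function doubleHmacEquals($expected, $actual)
{
    $key = function_exists('random_bytes')
        ? random_bytes(32)
        : openssl_random_pseudo_bytes(32);

    return hash_hmac('sha256', $expected, $key, true)
        === hash_hmac('sha256', $actual, $key, true);
}

/**
 * Verify a hex HMAC-SHA256 signature over $payload. Uses hash_equals() when
 * the runtime provides it and falls back to the double HMAC comparison
 * otherwise, so both paths return the same result for the same input.
 */
function verifySignature($payload, $signature, $secret)
{
    if (!is_string($signature)) {
        return false; // reject arrays/null before any comparison function sees them
    }
    $expected = hash_hmac('sha256', $payload, $secret);

    if (function_exists('hash_equals')) {
        return hash_equals($expected, $signature); // known value first, user value second
    }
    return doubleHmacEquals($expected, $signature);
}

// Constructed sample values, for demonstration only.
$secret  = 'constructed-demo-secret';
$payload = '{"event":"demo","id":1}';
$good    = hash_hmac('sha256', $payload, $secret);
// Flip the last hex digit to get a signature that differs in one character.
$bad     = substr($good, 0, -1) . ($good[strlen($good) - 1] === '0' ? '1' : '0');

var_dump(verifySignature($payload, $good, $secret));
var_dump(verifySignature($payload, $bad, $secret));
var_dump(doubleHmacEquals($good, $good), doubleHmacEquals($good, $bad));
```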
