Protect the Grantor-Gatekeeper channel

If a colluding attacker is present in the destination network, then the attacker could in theory spoof Grantor command packets to Gatekeeper servers. We should explore ways of defending against this kind of inside attack, perhaps using an authentication handshake between Grantor and Gatekeeper servers.