Insecure string comparison of HMAC

By not using a constant time string comparison method like [crypto's timingSafeEqual function](https://nodejs.org/docs/latest-v6.x/api/crypto.html#crypto_crypto_timingsafeequal_a_b), malicious actors can use timing attacks.

https://github.com/contentful/node-apps-toolkit/blob/08b7ec54c64d22dab611b7991bf8a8410f7a47d4/src/requests/verify-request.ts#L86

