Ivan-Johnson / LifeLogServer

A DIY life tracking app

Add a decorator for protecting against timing based inference attacks #34

Open Ivan-Johnson opened 4 years ago

Ivan-Johnson commented 4 years ago

Consider this pseudocode:

```python
def checkKeys(key1, key2):
    if not checkKey(key1):
        return False
    if not checkKey(key2):
        return False
    return True
```

Assuming that `checkKey` takes a non-trivial amount of time, it is possible to brute-force valid key pairs one key at a time by using the runtime to determine whether `checkKey` ran once or twice. LLS should have some sort of decorator to protect against this sort of attack. It could simply delay the response from the function until some specified time that is larger than the predicted worst-case time, but I think an attacker might be able to bypass that sort of protection by overloading the server and somehow causing a predictable delay that is larger than the decorator's wait time. Perhaps adding an additional wait time regardless of the actual runtime would be better?

At present I don't think that any endpoints in LLS can reveal meaningful information with this sort of attack; a forthcoming change to authentication does add a vulnerability, but I don't think it would reveal any information that the attacker would be unable to obtain more easily from a different source.
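One way the decorator proposed in this issue could look, as an added example that is not LifeLogServer's code: `pad_runtime`, `check_key`, `check_keys` and the sample keys are hypothetical names and constructed data. It goes beyond the issue's proposal in two labelled ways: a call that overruns the floor is rounded up to the next multiple of it and counted, and both keys are always evaluated.

```python
import functools
import hmac
import math
import time

def pad_runtime(floor_seconds, clock=time.monotonic, sleep=time.sleep):
    """Return only on a multiple of floor_seconds after the call started."""
    def decorator(func):
        @functools.wraps(func)
        def wrapper(*args, **kwargs):
            start = clock()
            try:
                return func(*args, **kwargs)
            finally:  # pad the exception path too, not just normal returns
                elapsed = clock() - start
                # Assumption beyond the issue text: an overrun is rounded up
                # to the next bucket rather than returned at its raw runtime.
                buckets = max(1, math.ceil(elapsed / floor_seconds))
                if buckets > 1:
                    wrapper.overruns += 1  # floor is too low or host is loaded
                remaining = buckets * floor_seconds - elapsed
                if remaining > 0:
                    sleep(remaining)
        wrapper.overruns = 0
        return wrapper
    return decorator

VALID_KEYS = (b"constructed-key-1", b"constructed-key-2")  # constructed sample data

def check_key(key):
    """Compare against every stored key; no early exit on a match."""
    ok = False
    for valid in VALID_KEYS:
        ok |= hmac.compare_digest(key, valid)
    return ok

@pad_runtime(0.05)
def check_keys(key1, key2):
    ok1 = check_key(key1)
    ok2 = check_key(key2)  # runs even when key1 was rejected
    return ok1 and ok2
```

Bucketing coarsens what an overrun reveals rather than hiding it, so a non-zero `overruns` count is a signal that the floor needs raising.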