`late_bytes` management

Allowing arbitrary data to be posted to the /late_bytes endpoint, which is currently neither subject to anomaly checks nor size limits, seems like asking for trouble. Posting to this endpoint should be less permissive, not more so.

The acceptance criteria that should close this are as follows:

[ ] Log the late byte offset relative to the original demo stream in the database
[ ] Update the markov_score upon late byte receipt
- pretty simple to do: $\frac{n\text{orig} \cdot s\text{orig} + n\text{late} \cdot s\text{late}}{n\text{late} + n\text{orig}}$, where $n$ = payload length and $s$ = markov scores
- [ ] Optional: store markov scores for late bytes separately
[ ] Enforce length requirement
[ ] Upon session closure, issue a one-time use token a client can use to POST their late_bytes; deny all other requests to alter session payloads
[ ] #65: Object composition is used to 'append' to the original demo
- Create a new object {demo_name}.late
- Create an object that "composes" {demo_name} and {demo_name}.late
- Move composite object into {demo_name}
- Remove {demo_name}.late

MegaAntiCheat / masterbase

`late_bytes` management #69