Updated to check against SHA-256 signature of request body (fixes #47)

[tejashah88]

This should address #47. I'm thinking this should warrant a major version as it behaves differently enough. @mreinstein any thoughts on this and this PR?

Here's a full list of the changes:

Features:

• Bumped the alexa-verifier dependency to 4.0.0
• Updated the request headers being read to check the hashed signature

Testing:

• Fixed the "fail invalid signature" test, as it was checking for an invalid certificate parameter instead
• Ditched hardcoded signatures in favor of dynamically generated signatures (similar to what alexa-verifier does)
• Cleaned up, made the tests a bit more uniform (consistent checks and naming) and added some comments

[tejashah88]

Thanks! I'll do the release on NPM