This patch fixes a few problems with the cryptography in the original
version of the gem. I think it fixes all of them, while introducing no
new ones, but I'm not a cryptographer. A better solution might be to
add another dependency on rbnacl (and libsodium), but this does keep to
a minimum of dependencies. Even if that dependency is openssl.
Use of SHA256 over SHA1, as SHA1 is deprecated for new applications
and has been for a while.
Use HMAC-SHA256 as a Key Derivation Function, which avoids users
getting a smaller effective keysize if they use e.g. hex for the
secret. They still shouldn't use a passphrase, though. This fix also
means the gem creates independent keys for the HMAC and the encryption.
Go for encrypt then MAC, not MAC then encrypt, which avoids issues
with using the server as e.g. a CBC padding oracle.
Use constant-time compares for the MAC, to avoid message forgery
through repeated requests to the server, and timing the response.
The new way of encrypting then encoding avoids effectively double
Base64 encoding the payload, which should make the cookies shorter by
about 30%.
Go for AES-256, mostly for parity with the use of HMAC-SHA256.
Moved all of the above fixes into a separate class, which should
probably have specs.
Fixed some specs which broke with the new way of encrypting the messages.
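The construction the commit message describes (HMAC-SHA256 used to derive independent encryption and MAC keys from one secret, AES-256-CBC with a random IV, encrypt-then-MAC, a constant-time tag check before any decryption, and a single Base64 pass over the whole blob) looks roughly like this in Ruby. This is an added illustration of that design, not the gem's class from the patch; the class name `SealedCookie`, the KDF labels, and the wire layout `iv || ciphertext || tag` are assumptions, and `OpenSSL.fixed_length_secure_compare` assumes the openssl gem 2.2 or newer (Ruby 2.7+).

```ruby
require 'openssl'
require 'base64'

# Added example of the encrypt-then-MAC cookie design described in the commit
# message. Not the gem's own implementation; names and layout are assumptions.
class SealedCookie
  DIGEST  = OpenSSL::Digest.new('SHA256')
  IV_LEN  = 16   # AES block size, used as CBC IV length
  BLOCK   = 16   # minimum ciphertext length (one padded block)
  MAC_LEN = 32   # HMAC-SHA256 output length

  # Derive two independent 256-bit keys from the user's secret with HMAC-SHA256,
  # so a short or low-entropy (e.g. hex) secret is stretched to a full-size key
  # and the cipher and the MAC never share key material. Labels are assumptions.
  def initialize(secret)
    @enc_key = OpenSSL::HMAC.digest(DIGEST, secret, 'encryption key')
    @mac_key = OpenSSL::HMAC.digest(DIGEST, secret, 'authentication key')
  end

  # Encrypt first, then MAC the IV and ciphertext, then Base64 encode once.
  def seal(plaintext)
    cipher = OpenSSL::Cipher.new('aes-256-cbc')
    cipher.encrypt
    cipher.key = @enc_key
    iv = cipher.random_iv # fresh IV per cookie, so equal plaintexts differ
    # Cipher#update rejects empty input, so handle the empty payload separately.
    ciphertext = plaintext.empty? ? cipher.final : cipher.update(plaintext) + cipher.final
    body = iv + ciphertext
    tag = OpenSSL::HMAC.digest(DIGEST, @mac_key, body)
    Base64.strict_encode64(body + tag)
  end

  # Returns the plaintext, or nil for anything malformed, forged or tampered.
  # The tag is checked in constant time before the ciphertext is touched, so a
  # CBC padding error can never be observed by a client that cannot forge a MAC.
  def unseal(token)
    blob = Base64.strict_decode64(token) rescue nil
    return nil if blob.nil? || blob.bytesize < IV_LEN + BLOCK + MAC_LEN

    body = blob.byteslice(0, blob.bytesize - MAC_LEN)
    tag  = blob.byteslice(blob.bytesize - MAC_LEN, MAC_LEN)
    expected = OpenSSL::HMAC.digest(DIGEST, @mac_key, body)
    return nil unless OpenSSL.fixed_length_secure_compare(expected, tag)

    iv = body.byteslice(0, IV_LEN)
    ciphertext = body.byteslice(IV_LEN, body.bytesize - IV_LEN)
    decipher = OpenSSL::Cipher.new('aes-256-cbc')
    decipher.decrypt
    decipher.key = @enc_key
    decipher.iv = iv
    decipher.update(ciphertext) + decipher.final
  rescue OpenSSL::Cipher::CipherError
    nil # unreachable without a valid tag, but never leak padding state anyway
  end
end

if __FILE__ == $PROGRAM_NAME
  cookie = SealedCookie.new('example-secret') # constructed sample secret
  token  = cookie.seal('session=42')
  puts "token:    #{token}"
  puts "unsealed: #{cookie.unseal(token).inspect}"
  puts "forged:   #{SealedCookie.new('wrong-secret').unseal(token).inspect}"
end
```

The order in `unseal` is the point of the "encrypt then MAC" line in the message: every rejection path (bad Base64, short blob, wrong tag) returns the same `nil` before the cipher is ever constructed, so the only thing a client can learn from the server is whether its tag was valid.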