fix: Use a constant-time Base64 encoder for secret key material

[poljar]

This patch fixes a security issue around a side-channel vulnerability^1 when decoding secret key material using Base64.

In some circumstances an attacker can obtain information about secret key material via a controlled-channel and side-channel attack.

This patch avoids the side-channel by switching to the base64ct crate for the encoding, and more importantly, the decoding of secret key material.

[codecov-commenter]

Codecov Report

All modified and coverable lines are covered by tests :white_check_mark:

Project coverage is 90.57%. Comparing base (4ef989c) to head (734b6c6). Report is 3 commits behind head on main.

Additional details and impacted files

```diff @@ Coverage Diff @@ ## main #156 +/- ## ======================================= Coverage 90.56% 90.57% ======================================= Files 34 34 Lines 1908 1910 +2 ======================================= + Hits 1728 1730 +2 Misses 180 180 ```

:umbrella: View full report in Codecov by Sentry.
:loudspeaker: Have feedback on the report? Share it here.