Implement a more secure channel handshake and fixed a bunch of issues.

[TMSCH]

The client now passes the sha-256 hash of the generated ID to the IFrame URL. The provider frame then waits for the ID to be sent via postMessage as the challenge for the handshake. It computes the sha-256 of the nonce challenge received to assert that the sender has the correct ID.

This allows to protect against an attacker that would start the handshake before the client's library.

Fixed issues with demo apps (bad CSS imports, provider URL not settable in settings). Fixed issue with npm run check that wouldn't compile the custom TSLint rule and hence not be able to use this rule.

[codecov-io]

Codecov Report

Merging #11 into master will decrease coverage by 0.3%. The diff coverage is 63.63%.

@@            Coverage Diff             @@
##           master      #11      +/-   ##
==========================================
- Coverage   78.68%   78.37%   -0.31%     
==========================================
  Files          34       34              
  Lines        1168     1216      +48     
  Branches      125      130       +5     
==========================================
+ Hits          919      953      +34     
- Misses        211      224      +13     
- Partials       38       39       +1

Impacted Files	Coverage Δ
ts/api/provider_frame_elem.ts	23.07% <0%> (ø)	:arrow_up:
ts/api/api.ts	22.04% <33.33%> (-0.18%)	:arrow_down:
ts/protocol/utils.ts	74.69% <60.41%> (-6.26%)	:arrow_down:
ts/protocol/secure_channel.ts	88.54% <85.71%> (+0.54%)	:arrow_up:

---

Continue to review full report at Codecov.

Legend - Click here to learn more Δ = absolute <relative> (impact), ø = not affected, ? = missing data Powered by Codecov. Last update 9475a22...12002f8. Read the comment docs.