Defuse Direct Object References

This prevents people from easily guessing and enumerating all public repositories in a server's default storage.

The URL of each repository's default storage now includes a unique identifier which is calculated with a SHA256 HMAC using Django's SECRET_KEY and the repository's public key fingerprint. The resulting digest is stripped down to 32 characters to keep URLs somewhat readable.

Closes #121