Improve security around archiver key
- Use a constant time check when evaluating the value of the archiver key to be resistant to timing attacks. (CVE-2021-35057)
- Read the archiver key from a HTTP header so it doesn't appear in server logs. This will require updating the mailman-hyperkitty package as well. (CVE-2021-35058)
Fixes #387 (closed).