Fix potential time attack vulnerability in HMAC signature comparison

Fixes a potential timing attack vulnerability in our HMAC signature comparison using a double HMAC approach. Thanks to @afk11 for submitting this.