refactor(turborepo): Signature Authentication (2nd try)

[NicholasLYang]

Description

Refactors the signature authentication to use a language-independent algorithm, as the previous implementation depended on Go's JSON serialization.

NOTE: This is a global hash bump.

Testing Instructions

Testing is using fuzzing across the Go-Rust boundary to check that signatures are correctly generated on both sides.

[vercel]

The latest updates on your projects. Learn more about Vercel for Git ↗︎

Name	Status	Preview	Comments	Updated (UTC)
examples-tailwind-web	🔄 Building (Inspect)			May 16, 2023 5:25pm

8 Ignored Deployments

Name	Status	Preview	Comments	Updated (UTC)
examples-basic-web	⬜️ Ignored (Inspect)			May 16, 2023 5:25pm
examples-cra-web	⬜️ Ignored (Inspect)			May 16, 2023 5:25pm
examples-designsystem-docs	⬜️ Ignored (Inspect)			May 16, 2023 5:25pm
examples-gatsby-web	⬜️ Ignored (Inspect)			May 16, 2023 5:25pm
examples-kitchensink-blog	⬜️ Ignored (Inspect)			May 16, 2023 5:25pm
examples-native-web	⬜️ Ignored (Inspect)			May 16, 2023 5:25pm
examples-svelte-web	⬜️ Ignored (Inspect)			May 16, 2023 5:25pm
examples-vite-web	⬜️ Ignored (Inspect)			May 16, 2023 5:25pm

[vercel]

@NicholasLYang is attempting to deploy a commit to the Vercel Team on Vercel.

A member of the Team first needs to authorize it.

[arlyon]

Approved with some minor comments. I think we should announce this in the turbo channel / turboverse before merging.

[arlyon]

I believe that HMAC_SHA256 doesn't have key length requirements but a comment that verifies that would be handy.

[arlyon]

I also think we could pull HMAC_SHA256 into a constant, since it's used in more than one place. Something like TURBO_HMAC_ALGO

[NicholasLYang]

this is static because apparently you can't have a const that refers to another const