Implement HMAC with constant-time comparison due to requirements in RFC 7518

[JuliusPC]

In HMACVerifier.java Arrays.equals is used to check whether the signature is valid or not. RFC 7518 states:

The comparison of the computed HMAC value to the JWS Signature value MUST be done in a constant-time manner to thwart timing attacks.

As far as i know, Arrays.equals is not constant-time.