jmapio/jmap

secdir: add an authentication step to avoid DDOS in push

brong opened this issue · 0 comments

brong commented

The secdir review suggested an alteration to the push mechanism to make sure it can't be used for ongoing DDOS:

Instead of just pointing it out, I think we should disallow that kind
of DoS options, i.e., I think the push subscription needs to be
extended to include initial verification step, i.e., when client
registers a PushSubscription the server should immediately send one
"event" notifying the creation of the push subscription and then when
client sees that event it could verify that it can see it (this would
also allow easy way to find out whether the given url actually works)
and send verification token given in the first event back to server
confirming that it can actually see the events.

This would forbid client to set up denial of service attacks against 3rd
parties, and would also verify that the event channel is actually
working, i.e. the url is accessible by the server and that the keys
are correct etc.

Other than one additional round trip, and changing deployed software, this seems quite sensible.
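
A sketch of the verification handshake proposed in the review above, added here as an illustration; it is not code from this issue or from the JMAP specification. The class, field names (`subscriptionId`, `verificationToken`), the `send` hook and the example URLs are all hypothetical.

```python
import hmac
import secrets


class PushRegistry:
    """Server-side sketch: a push URL gets no ongoing traffic until verified."""

    def __init__(self, send):
        self._send = send   # send(url, payload): hypothetical HTTP POST hook
        self._subs = {}     # subscription id -> record

    def create(self, url):
        sub_id = secrets.token_hex(8)
        token = secrets.token_urlsafe(32)   # unguessable, one per subscription
        self._subs[sub_id] = {"url": url, "token": token, "verified": False}
        # The single request an unverified URL ever receives.
        self._send(url, {"type": "verification", "subscriptionId": sub_id,
                         "verificationToken": token})
        return sub_id

    def confirm(self, sub_id, token):
        sub = self._subs.get(sub_id)
        # Constant-time comparison so the token cannot be probed byte by byte.
        if sub is None or not hmac.compare_digest(sub["token"].encode(),
                                                  token.encode()):
            return False
        sub["verified"] = True
        return True

    def publish(self, changed):
        delivered = 0
        for sub in self._subs.values():
            if sub["verified"]:             # unverified URLs are skipped
                self._send(sub["url"], {"type": "stateChange", "changed": changed})
                delivered += 1
        return delivered


def demo():
    outbox = []  # constructed stand-in for the network
    reg = PushRegistry(lambda url, payload: outbox.append((url, payload)))
    unowned = reg.create("https://third-party.example/hook")  # never confirmed
    owned = reg.create("https://push.example/client-a")
    token = outbox[1][1]["verificationToken"]  # client reads its own event
    rejected = reg.confirm(unowned, "guessed-token")
    accepted = reg.confirm(owned, token)
    sent = reg.publish({"Email": "s2"})
    hits = sum(1 for url, _ in outbox if url == "https://third-party.example/hook")
    return rejected, accepted, sent, hits
```

In this sketch a URL the client does not control receives exactly one request (the verification event) and is never sent a state change.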