API safeties

Increase security and sanity checks to allow for new features.

- ability to exchange signed information with gitlab-rails via a shared secret
- content-type checks to prevent leaking internal API data

Signed messages are implemented using JWT. To make this possible we vendor the jwt-go library.

Companion MR in gitlab-rails: https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/5907

See merge request !60