Prevent timing attacks when validating credentials
Review Request #9795 — Created March 16, 2018 and submitted
We now use constant time comparison to compare the credentials to the
configuration. We also do not short circuit the operation in the case
that the username is incorrect.
Ran unit tests.