Idea: add response signatures

[ezekg]

Response signatures could improve upon node-locking in low trust environments where Relay's fingerprint is known beforehand on the application-side by at least somewhat helping to prevent replay-attacks (but more in a security-by-obscurity way).

Could use a simple HMAC-SHA256 using Relay's fingerprint in a header:

Relay-Signature: t=1679654321,v1=abc...def

But since this is security-by-obscurity, signatures could easily be forged if a bad actor knows the fingerprint.

[ezekg]

Signatures may be particularly useful in preventing simple clock tampering attacks, since the client could verify a response is within a particular timeframe of Relay's response. Thus clock tampering would be required on both the machine hosting Relay and on the client running the application, which will be apparent in the Relay audit logs upon an audit investigation.

Could be opt-in via a --signing-secret flag, which could be set to the fingerprint when node-locked.