Cryptographically validate shares during decoding

Shares include a lot of consistency check information that means no one can tamper with the contents. We actually need to check this information, though. Currently we just jump straight to decryption as soon as possible.

If the consistency information doesn't check out, we should refuse to hand back plaintext via the normal decoding interface. Instead, we should handle back a failure describing what didn't check out. We may also want to add an additional interface which does try to give back plaintext even if the consistency information doesn't check out - primarily for debugging and other exceptional inspection use-cases.

There's a bunch of different pieces of consistency information in shares so this task might be larger than one ticket. Consider breaking it into pieces.