Merge pull request #126 from PrivateStorageio/125.backup-order-equals-spend-order-equals-insert-order

Make backup order equal spend order equal insert order

We have our new test that verifies ordering

Cause extraction to fail if it cannot supply all requested tokens

Bust the cache key

Record redemption public keys

Our dependencies changed a while ago but we probably kept using the same cache
so we never updated it with the builds of the new dependencies.

It was doing to do some complex time math and decide if the voucher redemption
looked legit but the whole premise is broken.

The only thing you might be able to decide about a key change on a new voucher
is that some *older* ZKAPs might be suspicious.  And, really, what you should
probably decide instead is that whole issuer is suspicious and you might need
to stop using it.  On top of that, you need more information than what you get
from voucher redemptions.  You need more frequent monitoring of the issuer's
key in case you don't redeem vouchers except once in a blue moon.

So hanging a suspiciousness on a voucher isn't coherent.

And API docs

It is stored on redemption and regurgitated by the Python APIs and dumped in
the JSON accessible via the HTTP API.

Bump to latest version of python-challenge-bypass-ristretto

Generate tokens only once per voucher, regardless of redemption failures

Use released python-challenge-bypass-ristretto

We should get it from setup.cfg dependencies later

Lower NUM_TOKENS

Adjust to the renaming of privacypass / python-challenge-bypass-ristretto