Server-side cryptographically correct pass checking for allocate_buckets

Fixes: #40 (closed)

Note I reduced the scope of #40 (closed) and only address allocate_buckets here as this is a self-contained set of changes and the branch is large enough already. The other methods aren't going to be completely trivial so I'll address them individually.

docs/source/configuration.rst

@@ -57,3 +57,4 @@ this configuration is done using a path::
   ristretto-signing-key-path = /path/to/signing.key
 
 The signing key is the keystone secret to the entire system and must be managed with extreme care to prevent unintended disclosure.
+If things go well a future version of ZKAPAuthorizer will remove the requirement that the signing key be distributed to storage servers.