cloudflare / daphne

Implementation of DAP

Use `subtle` for constant-time compare

cjpatton opened this issue

When validating a bearer token we use a constant-time comparison algorithm in order to avoid leaking bits of the bearer token via a side channel: https://github.com/cloudflare/daphne/blob/main/daphne/src/messages/mod.rs#L1184

We should replace this with the implementation in the subtle crate, since the code is delicate and easy to get wrong.
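The side channel the issue refers to, as an added example that is not Daphne's code or part of the original issue: each comparison below also reports how many bytes it examined, so the data-dependent work of an early-exit compare is visible next to a branch-free fold. The function names and the token are constructed for illustration, and `fold_eq` is a teaching sketch; the `subtle` crate's `ConstantTimeEq::ct_eq` is the replacement the issue asks for.

```rust
// Added illustration; not code from Daphne or from the `subtle` crate.
// Each function returns (equal, bytes_examined) to expose data-dependent work.

/// Early-exit comparison: returns at the first mismatching byte, so the
/// amount of work depends on how long a prefix of the secret was guessed.
fn early_exit_eq(expected: &[u8], presented: &[u8]) -> (bool, usize) {
    if expected.len() != presented.len() {
        return (false, 0);
    }
    let mut examined = 0;
    for (a, b) in expected.iter().zip(presented) {
        examined += 1;
        if a != b {
            return (false, examined);
        }
    }
    (true, examined)
}

/// Fold comparison: ORs together the XOR of every byte pair and decides once
/// at the end. Source-level only: an optimizer may still reintroduce a branch,
/// which is one reason to use a vetted crate instead of hand-rolled code.
fn fold_eq(expected: &[u8], presented: &[u8]) -> (bool, usize) {
    if expected.len() != presented.len() {
        return (false, 0); // token length is treated as public here
    }
    let mut diff = 0u8;
    let mut examined = 0;
    for (a, b) in expected.iter().zip(presented) {
        diff |= a ^ b;
        examined += 1;
    }
    (diff == 0, examined)
}

fn main() {
    let token: &[u8] = b"tok-0123456789ab"; // constructed sample token
    let presented: [&[u8]; 3] =
        [b"Xok-0123456789ab", b"tok-0123X56789ab", b"tok-0123456789ab"];
    for p in presented {
        let (eq_a, n_a) = early_exit_eq(token, p);
        let (eq_b, n_b) = fold_eq(token, p);
        println!("early-exit: eq={eq_a} examined={n_a:2} | fold: eq={eq_b} examined={n_b:2}");
    }
}
```

The early-exit count grows with the length of the correct prefix, while the fold always walks all 16 bytes.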