use constant-time string compare for internal api authentication

Created by: Mic92

Ruby str_equal uses memcmp internally to compare String. Memcmp is vunerable to timing attacs because it returns early on mismatch (on most x32 platforms memcmp uses a bytewise comparision). Devise.secure_compare implements a constant time comparision instead.