Support multiple shared secrets

[davidfurey]

It would be useful to support multiple shared secrets. This would allow different API consumers to have different keys, which would simplify the revocation process if one API consumer leaks the key. It would also simplify the process of key rotation, since you could temporarily accept the old and new key.

Before I look at implementing this, it would be great to get others opinions on this.

[kenoir]

Aiming to achieve this in #20 & guardian/panda-hmac#20.