fix: always use constant time comparisons for tag values

[tomleavy]

Description of changes:

Since confirmation_tag and membership_tag are MAC values, we should use constant time comparisons for them in all cases. This behavior is covered everywhere by custom implementing PartialEq with the subtle crate's ct_eq function

Testing:

Covered by existing tests

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 and MIT license.

[codecov-commenter]

Codecov Report

❌ Patch coverage is 75.00000% with 2 lines in your changes missing coverage. Please review.
✅ Project coverage is 88.50%. Comparing base (0e602b4) to head (00ce053).
⚠️ Report is 3 commits behind head on main.

Files with missing lines	Patch %	Lines
mls-rs/src/group/confirmation_tag.rs	75.00%	1 Missing ⚠️
mls-rs/src/group/membership_tag.rs	75.00%	1 Missing ⚠️

Additional details and impacted files

@@           Coverage Diff           @@
##             main     #320   +/-   ##
=======================================
  Coverage   88.50%   88.50%           
=======================================
  Files         182      182           
  Lines       29002    29008    +6     
=======================================
+ Hits        25668    25674    +6     
  Misses       3334     3334           

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

[mulmarta]

Should we do this for all structs with secrets that derive PartialEq, or remove PartialEq derivation? ? For example

• KeySchedule
• HpkeSecretKey
• SignatureSecretKey
• EpochSecrets
• PreSharedKey

[tomleavy]

Separate PR for secrets, but yeah that's next up