use Base32::encodeUpper to generate base32 secret

[fkooman]

The RFC also recommends using a 160 bit secret. The default now is an 80 bit secret. So the $length default can maybe change to 32 from 16. I didn't do this yet as it may break people's integrations.

R6 - The algorithm MUST use a strong shared secret. The length of the shared secret MUST be at least 128 bits. This document RECOMMENDs a shared secret length of 160 bits.

https://tools.ietf.org/html/rfc4226#section-4