ElDorito
Confirm UIDs belong to the player with the corresponding private key
Rather than trusting clients' self-stated UID, calculate the UID host-side from the public key and have the client send something encrypted with the private key to verify that the public key belongs to them.
The problem with this is that it takes a considerable amount of CPU time to do this (for both the client and host). As you can see for yourself with the generateTimestamp command, it's a noticeable lag/stop in the game thread, so we'd need to be queueing up thread(s) to do this work. I think it'll be easier just to wait with player verification until we implement a token-based authentication system and let a server do the verification so the host doesn't have to waste its precious CPU cycles.
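The check proposed in the issue, sketched as an added example (not ElDorito code): the host derives the UID from the public key and verifies a signature over a fresh challenge. The UID derivation (truncated SHA-256), the function names and the constructed toy RSA key are assumptions for illustration.

```python
import hashlib
import secrets

# Constructed toy RSA key (two Mersenne primes), for illustration only;
# real code would use a vetted library with padded signatures.
P, Q, E = 2**127 - 1, 2**107 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))  # client's private exponent


def uid_from_public_key(n: int, e: int) -> str:
    """Assumed UID scheme: first 8 bytes of SHA-256 over the public key."""
    blob = f"{n:x}:{e:x}".encode()
    return hashlib.sha256(blob).hexdigest()[:16]


def _digest(challenge: bytes, n: int) -> int:
    # Hash the challenge and reduce it into the RSA modulus range.
    return int.from_bytes(hashlib.sha256(challenge).digest(), "big") % n


def client_sign(challenge: bytes, n: int, d: int) -> int:
    """Client side: prove possession of the private key."""
    return pow(_digest(challenge, n), d, n)


def host_verify(claimed_uid, n, e, challenge, signature) -> bool:
    """Host side: ignore the claimed UID unless both checks pass."""
    if not secrets.compare_digest(claimed_uid, uid_from_public_key(n, e)):
        return False  # UID was not derived from this public key
    return pow(signature, e, n) == _digest(challenge, n)


def demo() -> dict:
    challenge = secrets.token_bytes(32)  # fresh per join, so old proofs fail
    uid = uid_from_public_key(N, E)
    sig = client_sign(challenge, N, D)
    return {
        "honest": host_verify(uid, N, E, challenge, sig),
        "spoofed_uid": host_verify("0" * 16, N, E, challenge, sig),
        "replayed": host_verify(uid, N, E, secrets.token_bytes(32), sig),
        "forged_sig": host_verify(uid, N, E, challenge, (sig + 1) % N),
    }
```

The private-key operation in `client_sign` and the verification in `host_verify` are the expensive steps the comment above refers to, which is why they would run off the game thread or on a separate server.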