Add support for signing API requests

[timcraft]

From the spec:

SHOULD allow a signature secret (used for some API requests,
and to validate WebHook signatures)

Using the signature secret to sign API requests is not yet supported.

[pRdm]

@timcraft any idea when you'd have time to implement this?

[timcraft]

@pRdm More a question of priorities than time, currently working on refactoring everything for v5 so things like this are easier to implement. Which API do you want to use it with?

[pRdm]

@timcraft thanks for the speedy response, my team needed it urgently and we've implemented on our end already.

On a side note, but related to signatures, the current README has an ambiguity in it. In your README:

To check signatures for incoming webhook requests you'll also need to specify the signature_secret argument:

client = Nexmo::Client.new(signature_secret: "signature")

But running the command yields an exception

client = Nexmo::Client.new(signature_secret: "signature")
# => KeyError: key not found: "NEXMO_API_KEY"

client = Nexmo::Client.new(key: "api_key", signature_secret: "signature")
# => KeyError: key not found: "NEXMO_API_SECRET"

client = Nexmo::Client.new(key: "api_key", secret: "secret", signature_secret: "signature")
# => #<Nexmo::Client:0x007fddfef9cbb0 @key="api_key", @secret="secret", @signature_secret="signature", @application_id=nil, @private_key=nil, @host="rest.nexmo.com", @api_host="api.nexmo.com", @sns_host="sns.nexmo.com", @user_agent="nexmo-ruby/4.7.0 ruby/2.4.1">

[timcraft]

@pRdm Appreciate that's confusing if you try to copy and paste the code. That should be resolved by making the key and secret optional in #92.

[superchilled]

My understanding is that this is implemented. Both for signing requests (where this is allowed by the API) and for validating webhooks.