Two patterns to audit on crypto implementations (note to self)

[bunnie]

1. Need to make sure Subtle/.ct_eq() is used in all the right places.
2. Strip out debug info that can leak hints about decryption/encryption success etc.

This is basically a note to @bunnie to do a scrub through the implementations and clean up these details, but it is a public issue so that security-conscious users are aware that this technical debt exists.