django-sns-view
Verify that subscription request comes from known AWS account
Currently, this package validates that subscription requests are signed by AWS, but this allows any account on AWS to create a topic and start sending messages to an endpoint.
This is a potential security problem — if an attacker can discover the URL for an endpoint, they can create their own topics that write to them, and the subscription and subsequent messages will be accepted.
This PR creates a way to deny subscription requests that aren't coming from a known AWS account, configurable in the Django settings. It also introduces an easy way to customize this behavior, by overriding the `should_confirm_subscription` method.
If there's interest in merging this PR, I'd be happy to write some documentation for it.
Note that I had to remove the `nose-tests` dependency — that library is no longer maintained, and `./manage.py test` works out of the box now.
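As an added illustration of the check this PR describes (example code, not code from the PR or from django-sns-view): extract the AWS account ID from the `TopicArn` of an already signature-verified request and compare it against an allow-list of known accounts. The function names, the sample payloads, and passing the allow-list as a parameter instead of reading it from Django settings are assumptions made here.

```python
import re

# An SNS TopicArn has the form arn:<partition>:sns:<region>:<account-id>:<topic-name>;
# the account ID field is always exactly twelve digits.
_ACCOUNT_ID = re.compile(r"^\d{12}$")


def account_id_from_topic_arn(topic_arn):
    """Return the AWS account ID embedded in an SNS TopicArn, or None if malformed."""
    if not isinstance(topic_arn, str):
        return None
    parts = topic_arn.split(":")
    if len(parts) != 6 or parts[0] != "arn" or parts[2] != "sns":
        return None
    return parts[4] if _ACCOUNT_ID.match(parts[4]) else None


def is_from_known_account(message, allowed_account_ids):
    """True if the message's TopicArn belongs to an allow-listed AWS account.

    `message` is the parsed JSON body of a request whose AWS signature has
    already been verified (signature checking must stay in front of this).
    Works for SubscriptionConfirmation and Notification alike. An empty
    allow-list rejects everything, so a missing setting fails closed
    (a design choice made for this example).
    """
    account_id = account_id_from_topic_arn(message.get("TopicArn"))
    return account_id is not None and account_id in set(allowed_account_ids)


def should_confirm_subscription(message, allowed_account_ids):
    """Confirm a SubscriptionConfirmation only when it comes from a known account."""
    if message.get("Type") != "SubscriptionConfirmation":
        return False
    return is_from_known_account(message, allowed_account_ids)


# Constructed sample payloads (not real AWS traffic); account IDs are placeholders.
SAMPLE_SUBSCRIPTION = {
    "Type": "SubscriptionConfirmation",
    "TopicArn": "arn:aws:sns:us-east-1:123456789012:orders",
    "Token": "constructed-token",
}
SAMPLE_FOREIGN_SUBSCRIPTION = dict(
    SAMPLE_SUBSCRIPTION, TopicArn="arn:aws:sns:us-east-1:999999999999:orders"
)

if __name__ == "__main__":
    allowed = ["123456789012"]
    print(should_confirm_subscription(SAMPLE_SUBSCRIPTION, allowed))          # True
    print(should_confirm_subscription(SAMPLE_FOREIGN_SUBSCRIPTION, allowed))  # False
```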