firedancer
QUIC RETRY - Simplify retry token
We currently generate some random bits, generate a key, build a token containing the random bits and a tuple of information, and then encrypt it with AES-GCM with HMAC. This really isn't required: the token doesn't need to be secret, just verifiable. Marcus suggested skipping the encryption and just using HMAC to verify the blob. We also don't need new keys for every token. We should keep the random bits and the server secret, and use a single set of server keys. We can consider cycling the server secret and server keys, since they get reused. This will make INITIAL packet verification much quicker.
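The HMAC-only scheme proposed above, as an added example (not firedancer's code): the token carries the random bits and the tuple in the clear, a truncated HMAC-SHA256 under a single server secret makes it verifiable, and the verifier rejects forged, replayed-to-another-address, truncated or stale tokens. The tuple fields (client address, original DCID, issue time), the 60 s lifetime and the placeholder `SERVER_SECRET` are assumptions for the example.

```python
import hashlib
import hmac
import os
import struct
import time

NONCE_LEN = 16             # random bits carried in the clear
TAG_LEN = 16               # truncated HMAC-SHA256 tag
TOKEN_TTL_SEC = 60         # assumed lifetime of a minted token
ISSUED = struct.Struct(">Q")  # issue time, seconds since epoch

# Constructed placeholder; a real server draws this at startup and rotates it.
SERVER_SECRET = bytes(range(32))


def _tag(secret, nonce, issued, client_addr, odcid):
    # The client address is covered by the MAC but not stored in the token:
    # the verifier takes it from the packet that carries the token, so a
    # token minted for one address does not verify from another.
    msg = nonce + ISSUED.pack(issued) + client_addr.encode() + b"\x00" + odcid
    return hmac.new(secret, msg, hashlib.sha256).digest()[:TAG_LEN]


def mint_token(secret, client_addr, odcid, now=None, nonce=None):
    """Build nonce || issued || len(odcid) || odcid || tag, nothing encrypted."""
    if not 0 < len(odcid) <= 20:   # QUIC connection IDs are at most 20 bytes
        raise ValueError("bad original DCID length")
    issued = int(time.time()) if now is None else now
    nonce = os.urandom(NONCE_LEN) if nonce is None else nonce
    body = nonce + ISSUED.pack(issued) + bytes([len(odcid)]) + odcid
    return body + _tag(secret, nonce, issued, client_addr, odcid)


def verify_token(secret, token, client_addr, now=None):
    """Return the original DCID if the token is genuine and fresh, else None."""
    now = int(time.time()) if now is None else now
    fixed = NONCE_LEN + ISSUED.size + 1          # bytes before the DCID
    if len(token) < fixed + 1 + TAG_LEN:
        return None
    nonce = token[:NONCE_LEN]
    issued = ISSUED.unpack_from(token, NONCE_LEN)[0]
    dcid_len = token[fixed - 1]
    odcid = token[fixed:fixed + dcid_len]
    tag = token[fixed + dcid_len:]
    if len(odcid) != dcid_len or len(tag) != TAG_LEN:
        return None
    # Constant-time compare so a forged tag cannot be found byte by byte.
    if not hmac.compare_digest(tag, _tag(secret, nonce, issued, client_addr, odcid)):
        return None
    if issued > now or now - issued > TOKEN_TTL_SEC:
        return None
    return odcid
```

Because the MAC is checked before anything else is trusted, verifying a token on the INITIAL path costs one HMAC over a few dozen bytes and no key derivation.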