HMAC based token pattern

[gdelpu]

Support plan

• is this issue currently blocking your project? (yes/no):no
• is this issue affecting a production system? (yes/no):yes

Context

• node version: 12+
• module version: 8.0.1
• environment (e.g. node, browser, native):
• used with (e.g. hapi application, another framework, standalone, ...): Hapi application
• any other relevant information:

What problem are you trying to solve?

One of my project needed a stateless way to handle CSRF token, the customer's security team wanted us to implement the HMAC based token pattern as describe in the OWASP cheatsheet.

Do you have a new or modified API suggestion to solve the problem?

I did an implementation of the pattern and though it could be a great addition for the community, therefore I propose the pull request #155 to add this feature to CRUMB.