zoomapps-advancedsample-react
Insecure X-Zoom-App-Context decryption allows user impersonation
The decryptZoomAppContext routine is used to decrypt the X-Zoom-App-Context header. The decrypted value contains important information for the application, such as the user's ID and action, which the Zoom application will act upon. Unfortunately, the decryption process is insecure, as the Node crypto API does not enforce an expected length of the authentication tag, which allows forging values. Depending on the context, varying levels of user impersonation are possible. See https://github.com/zoom/zoomapps-sample-js/issues/24 for details.