Add HMAC support for event verification

Need to discuss the best set of options and default settings:

1. Selection of HMAC algorithms (to help support hardware DAQs in the future)
2. Whether verification is on by default (to deal with DAQs that don't support HMAC generation)
3. Whether e.g. instance token can be used to generate a shared key (as an option; in addition to providing keys externally)