use a constant string comparison to avoid timing attack

[pyramation]

as in the discussion here: https://news.ycombinator.com/item?id=26258261#26271329

- Using '=' for comparing TOTPs in the totp.verify function[1] is not safe from timing attacks.

https://github.com/pyramation/totp/blob/7ec3104/packages/totp/sql/launchql-totp--0.0.3.sql#L111

[pyramation]

So upon research looks like it's quite easily fixed by comparing all digits individually, and then aggregating if all all true, but continuing the iteration and checks even if a false value has been found. I suppose that would cover this case.