Should validate SHA2 hash of SIGNED_REQUEST

The SIGNED_REQUEST parameter has an HMAC SHA2 hash that should be used to verify the validity of the parameter. Need to find the best way (way of least dependencies) to run this hash, samples from FB tend to use OpenSSL libraries which are a bit heavy to include if we don't have to.
