We currently use nng_pipe_id() to figure out the source of a message. But if the pipe_id is something that is written by the nng client library, then a tenant can totally just spoof their own client ID. My intuition tells me that it's probably set up like that.
Solutions:
- Have an individual named pipe for each tenant
- Give the client a secret token when they first connect, and require that token with all future requests
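
The token check from the second option, as an added example (not code from this project): the server issues a random token on first connect and derives the tenant from that token on every later request, rather than from nng_pipe_id(). The `token || payload` framing, the table size and the function names are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define TOKEN_LEN   32   /* 256-bit bearer token */
#define MAX_TENANTS 16   /* hypothetical table size */

static struct { int used; uint8_t token[TOKEN_LEN]; } tenants[MAX_TENANTS];

/* Compare without an early exit so timing does not reveal a matching prefix. */
static int ct_equal(const uint8_t *a, const uint8_t *b, size_t n) {
    uint8_t diff = 0;
    for (size_t i = 0; i < n; i++) diff |= a[i] ^ b[i];
    return diff == 0;
}

/* First connect: claim a free slot and fill its token from the kernel CSPRNG.
 * Returns the tenant index the server uses internally, or -1 on failure. */
int tenant_register(uint8_t out_token[TOKEN_LEN]) {
    for (int i = 0; i < MAX_TENANTS; i++) {
        if (tenants[i].used) continue;
        FILE *f = fopen("/dev/urandom", "rb");
        if (!f) return -1;
        size_t got = fread(tenants[i].token, 1, TOKEN_LEN, f);
        fclose(f);
        if (got != TOKEN_LEN) return -1;
        tenants[i].used = 1;
        memcpy(out_token, tenants[i].token, TOKEN_LEN);
        return i;
    }
    return -1;
}

/* Later requests: body = token || payload (framing is an assumption).
 * The tenant is looked up from the token alone; no client-supplied ID or
 * pipe ID is consulted. Returns the tenant index, or -1 to reject. */
int tenant_authenticate(const uint8_t *body, size_t len,
                        const uint8_t **payload, size_t *payload_len) {
    int found = -1;
    if (len < TOKEN_LEN) return -1;
    for (int i = 0; i < MAX_TENANTS; i++)
        if (tenants[i].used && ct_equal(tenants[i].token, body, TOKEN_LEN))
            found = i;   /* keep scanning: same work whichever slot matches */
    if (found < 0) return -1;
    *payload = body + TOKEN_LEN;
    *payload_len = len - TOKEN_LEN;
    return found;
}
```

The token is a bearer secret, so this only helps when tenants cannot read each other's traffic on the transport.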