Rewrite ServerSecret caching and accessor logic

I'm working on some changes to XsrfTokenManager (b/35388772) and ServerSecret
was crufty enough that I ended up rewriting it.  Now it uses a LoadingCache
with a transaction instead of needlessly race-condition-y static init logic.

It also now supports retrieving its value as either a UUID (the old format
used by XsrfTokenManager) or a byte[].  The latter is more flexible and can
be directly used with HMAC which the new XsrfTokenManager format will employ.

And lastly, I added tests.  In addition, I tested this code on alpha and
verified appropriate operation (XSRF tokens still work from the console and
from regtool; if you remove ServerSecret from datastore and memcache, it
persists a new one).

-------------
Created by MOE: https://github.com/google/moe
MOE_MIGRATED_REVID=148931620
nickfelt 2017-03-01 14:28:10 -08:00 committed by Ben McIlwain
parent c56959b62b
commit 499f1e7dbc
3 changed files with 159 additions and 28 deletions

@ -15,13 +15,13 @@
package google.registry.security;
import static com.google.common.io.BaseEncoding.base64Url;
import static google.registry.model.server.ServerSecret.getServerSecret;
import static java.nio.charset.StandardCharsets.UTF_8;
import com.google.appengine.api.users.UserService;
import com.google.common.base.Joiner;
import com.google.common.base.Splitter;
import com.google.common.hash.Hashing;
import google.registry.model.server.ServerSecret;
import google.registry.util.Clock;
import google.registry.util.FormattingLogger;
import java.util.List;
@ -60,7 +60,9 @@ public final class XsrfTokenManager {
*/
private static String encodeToken(long creationTime, @Nullable String scope, String userEmail) {
String token =
Joiner.on('\t').skipNulls().join(getServerSecret(), userEmail, scope, creationTime);
Joiner.on('\t')
.skipNulls()
.join(ServerSecret.get().asUuid(), userEmail, scope, creationTime);
return base64Url().encode(Hashing.sha256()
.newHasher(token.length())
.putString(token, UTF_8)
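Review bot: The `Joiner.on('\t').skipNulls()` chain in `encodeToken` drops a null `scope` instead of encoding it, so the string that gets hashed has no fixed field count, and a tab inside `userEmail` or `scope` shifts the field boundaries so that different (userEmail, scope) pairs can hash to the same input. The replacement lines keep that construction and only swap `getServerSecret()` for `ServerSecret.get().asUuid()`, so the secret is still the prefix of a plain `Hashing.sha256()` input rather than an HMAC key. Suggest a comment on this method marking it as the legacy token format, and when the HMAC format mentioned in the commit message lands, encode every field unambiguously (a fixed placeholder for a null scope, length-prefixed or escaped fields) and key it with the byte[] form of the secret.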