Add hash_equals() fallback and use it
Two classes (User and SpecialRunJobs) currently contain string
equality checks that purport to be timing-attack resistant.
Reduce code duplication by adding and using a fallback for the
hash_equals() function from PHP 5.6 (currently in beta), in a way
addressing the comment "@todo: make a common method for this".