Confidant

Latest version: v6.5.3


Page 6 of 7

1.1.21

Not secure
* Move scripts into the confidant module so that they can be used when
confidant is installed with pip

1.1.20

Not secure
* Added changes and settings for better performance in confidant. See the
performance section in the configuration docs

1.1.19

Not secure
* Important change: the location of the wsgi.py has moved inside of the
confidant module to make the pypi package runnable. This changes the gunicorn
invocation from `gunicorn wsgi:app -k gevent` to
`gunicorn confidant.wsgi:app -k gevent`

1.1.16

* Getting the pypi package into a working state

1.1.15

* Split the client away from the confidant repo

1.1.14

* Security fix: While auditing the code in preparation for the 1.1 stable
release, Lyft found a KMS authentication vulnerability in the unreleased 1.1
branch. The vulnerability was introduced while adding the scoped auth key
feature (for limiting authentication keys and services to specific AWS
accounts), where the key was not properly checked after decryption. This check
is an additional verification that adds safety on top of the IAM policy of your
KMS keys. If the IAM policy allows users to use KMS keys without limits on
encryption context, a KMS key that wasn't intended to be used for auth could be
used for auth.
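
The kind of post-decryption check described in the 1.1.14 entry, as an added example that is not Confidant's own code. It relies on the fact that a KMS decrypt response names the key that was used (`KeyId`); the `FakeKMS` class, function names, ARNs and encryption context are constructed for illustration.

```python
# Added illustration: reject tokens that decrypt under a key not configured for auth.
AUTH_KEY = "arn:aws:kms:us-east-1:111111111111:key/auth-constructed"
OTHER_KEY = "arn:aws:kms:us-east-1:111111111111:key/other-constructed"
CONTEXT = {"from": "svc-a", "to": "confidant-constructed"}  # constructed context


class FakeKMS:
    """Offline stand-in for a KMS client. decrypt() returns the same fields
    (KeyId, Plaintext) that boto3's kms.decrypt response carries."""

    def __init__(self, blobs):
        self._blobs = blobs  # ciphertext -> (key ARN, context, plaintext)

    def decrypt(self, CiphertextBlob, EncryptionContext):
        key_arn, context, plaintext = self._blobs[CiphertextBlob]
        if context != EncryptionContext:
            raise ValueError("simulated InvalidCiphertextException")
        return {"KeyId": key_arn, "Plaintext": plaintext}


class TokenRejected(Exception):
    pass


def decrypt_auth_token(kms, token, context, allowed_key_arns):
    """Decrypt a token, then verify which key KMS actually used.
    KMS selects the key from the ciphertext, so a successful decrypt alone
    only proves the caller could encrypt under *some* key."""
    resp = kms.decrypt(CiphertextBlob=token, EncryptionContext=context)
    if resp["KeyId"] not in allowed_key_arns:
        raise TokenRejected("decrypted under non-auth key " + resp["KeyId"])
    return resp["Plaintext"]


# Constructed tokens: same encryption context, different keys.
KMS = FakeKMS({
    b"token-auth": (AUTH_KEY, CONTEXT, b"payload-a"),
    b"token-other": (OTHER_KEY, CONTEXT, b"payload-b"),
})


def check(token):
    try:
        decrypt_auth_token(KMS, token, CONTEXT, {AUTH_KEY})
        return "accepted"
    except TokenRejected:
        return "rejected"


if __name__ == "__main__":
    for t in (b"token-auth", b"token-other"):
        print(t.decode(), check(t))
```
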


© 2024 Safety CLI Cybersecurity Inc. All Rights Reserved.