send key-confirmation message upon receipt of PAKE

This will allow the first peer to detect a wrong password even though
the second peer bails before sending something encrypted.

src/wormhole/blocking/transcribe.py

@@ -314,6 +314,8 @@ class Wormhole:
             pake_msg = self._channel.get(u"pake")
             self.key = self.sp.finish(pake_msg)
             self.verifier = self.derive_key(u"wormhole:verifier")
+            conf = self.derive_key(u"wormhole:confirmation")
+            self._channel.send(u"_confirm", conf)
 
     @close_on_error
     def get_verifier(self):

src/wormhole/twisted/transcribe.py

@@ -332,7 +332,10 @@ class Wormhole:
             key = self.sp.finish(pake_msg)
             self.key = key
             self.verifier = self.derive_key(u"wormhole:verifier")
-            return key
+            conf = self.derive_key(u"wormhole:confirmation")
+            d1 = self._channel.send(u"_confirm", conf)
+            d1.addCallback(lambda _: key)
+            return d1
         d.addCallback(_got_pake)
         return d