Don't assume our secret is base32 encoded.

According to https://en.wikipedia.org/wiki/Time-based_One-time_Password_algorithm
secrets are only base32 encoded in gauthenticator and gauth friendly providers.

otp_test.go

@@ -79,10 +79,7 @@ func TestBadURL(t *testing.T) {
 		"foo",
 		"otpauth:/foo/bar/baz",
 		"://",
-		"otpauth://hotp/secret=bar",
-		"otpauth://hotp/?secret=QUJDRA&algorithm=SHA256",
 		"otpauth://hotp/?digits=",
-		"otpauth://hotp/?secret=123",
 		"otpauth://hotp/?secret=MFRGGZDF&digits=ABCD",
 		"otpauth://hotp/?secret=MFRGGZDF&counter=ABCD",
 	}