Drone.io global webhook signature

[sksadri]

Drone.io global webhooks use http signatures for authentication so I just added support for them using https://github.com/99designs/httpsignatures-go for the actual validation.

NB: please indulge me, I've never coded in golang before

[moorereason]

Thank you for submitting this PR, but I'd like to discuss this feature request outside of a code review. Please open an issue to discuss this.

I've not used HTTP Signatures before, so an explanation of what exactly it verifies would be helpful. For example, this PR doesn't actually validate the SHA256 hash of the payload body. Is that intentional? Do HTTP Signatures only sign/validate headers?