Restrict github/gitea webhook API keys to a specific organisation

[jesopo]

anyone can send a webhook payload to bitbot if they have a valid API key and they can lie about the repository, which can cause bitbot to spam other channels that have hooks for other orgs/repos

[jesopo]

this will require data migration