Support for HMAC-signed hook payloads

[delroth]

Webhook URLs are usually exposed over the internet, so a common practice in webhook modules is to provide the ability for the user to specify a shared secret (hmac key) that is used to sign the payload when sending it to the webhook URL. This authentifies the origin of the payload to its recipient.

I couldn't find anything like that in redmine_webhook unfortunately. I might work on this in the future, but still filing this feature request in case someone else has more time than I do :)