Implement signature verification

[gr2m]

The requests from GitHub are currently not verified using the signature, because the code is currently using Node's crypto package. This will be resolved once I create a universal webhook verification package, similar to universal-github-app-jwt. For the time being, you could define a secret path that that webhook requests by GitHub are sent to, in order to prevent anyone who knows your workers URL from sending fake webhook requests.

[github-actions]

🎉 This issue has been resolved in version 1.0.1 🎉

The release is available on GitHub release

Your semantic-release bot 📦🚀

[boredland]

Does this mean that the disclaimer in the README is kinda outdated?