feat: support custom auth plugins

[GrantBirki]

This issue tracks work to bring support for custom auth plugins. Right now, if you try to use a custom auth plugin in anyway, you will get the following error message: Custom validators not implemented in POC. We want to keep the two standard auth plugins (Plugins::Auth::HMAC and Plugins::Auth::SharedSecret) but also allow users to "bring their own" if they have a custom use case that doesn't follow the most common webhook auth patterns.

Here is an example of how this could be setup:

examples takes from the current acceptance dir

# Sample configuration for Hooks webhook server
handler_dir: ./spec/acceptance/handlers
auth_plugin_dir: ./spec/acceptance/plugins/auth # NEW!
log_level: debug

# Request handling
request_limit: 1048576    # 1MB max body size
request_timeout: 15       # 15 seconds timeout

# Path configuration
root_path: /webhooks
health_path: /health
version_path: /version

# Runtime behavior
environment: development

# Available endpoints
# Each endpoint configuration file should be placed in the endpoints directory
endpoints_dir: ./spec/acceptance/config/endpoints

note: we should also rename handler_dir to handler_plugin_dir so that auth_plugin_dir matches

Then a new endpoint config could state that it wants to use a non-default auth plugin:

path: /example
handler: CoolNewHandler

auth:
  type: some_cool_auth_plugin
  secret_env_key: SUPER_COOL_SECRET # the name of the environment variable containing the shared secret
  header: Bearer

Then the plugin could look like this:

module Hooks
  module Plugins
    module Auth
      class SomeCoolAuthPlugin < Base
        def self.valid?(payload:, headers:, config:)
          # TODO
        end
      end
    end
  end
end