This seems to be supported by all of our providers:

• https://docs.github.com/en/developers/webhooks-and-events/webhooks/securing-your-webhooks#validating-payloads-from-github
• https://docs.gitlab.com/ee/user/project/integrations/webhooks.html#validate-payloads-by-using-a-secret-token
• go-gitea/gitea#6428

The rationale behind this is that currently, anybody who knows the webhook URL can send a payload and BitBot will display it in every channel that is watching the hook; this is other-than-ideal for obvious reasons. I'm thinking we need to have some way to have a unique secret generated for each webhook for each channel and that each payload needs to be signed with said secret. The tricky part is accomplishing this without screwing up old webhooks that don't have the secret configured.