feat: Add utility functions for webhooks

[rolodato]

Instead of having code snippets in our docs that describe how to validate webhook signatures, we should ship the code directly as part of all server-side SDKs.

There's a potential concern on whether this code belongs as part of this SDK, or if it should belong in a different package or not at all. I believe it does, for several reasons:

• We're not adding dependencies to this package or meaningfully increasing the package size.
• If package size was a concern, it would mainly be for client-side applications and not server-side. If this does become a problem, we can have separate artifacts for client-side and server-side applications.
• We're using a separate namespace from everything else.
• There's almost no benefit (minus package size) to having to publish a new library just for this type of code.

As an example, I like Auth0's approach for this, where they publish a single dependency with different namespaces for the authentication and management components (analogous to our flags APIs and admin APIs): https://github.com/auth0/node-auth0?tab=readme-ov-file#configure-the-sdk

[matthewelwell]

I can't see any reason that this function should be part of the public interface for this module?

[rolodato]

It could help for generating fake requests in case you want to test webhook listeners without depending on Flagsmith, or if for whatever reason you need to invoke a webhook manually. It could also help troubleshooting if verify_signature fails and you don't understand why (wrong secret, signature or payload).

It's the same as how most JWT libraries have methods for generating and verifying signatures, but the vast majority of users will only be verifying signatures.

In any case I don't feel too strongly about this, I'm happy to remove generate_signature from the public interface and add it later if we need to. Let me know what you prefer!

[matthewelwell]

Fair enough, yep, ok, happy to leave it in.