feat(server): add github_hmac and none webhook signing modes

Adds two new webhook trigger signing modes for external provider
compatibility:

- github_hmac: accepts X-Hub-Signature-256 header with
  HMAC-SHA256(secret, rawBody), no timestamp prefix. Compatible with
  GitHub, Sentry, and services following the same standard.
- none: no authentication; the 24-char hex publicId in the URL acts
  as the shared secret. For services that cannot add auth headers.

The replay window UI field is hidden when these modes are selected
since neither uses timestamp-based replay protection.

Closes #1892

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

packages/shared/src/constants.ts

@@ -165,7 +165,7 @@ export type RoutineCatchUpPolicy = (typeof ROUTINE_CATCH_UP_POLICIES)[number];
 export const ROUTINE_TRIGGER_KINDS = ["schedule", "webhook", "api"] as const;
 export type RoutineTriggerKind = (typeof ROUTINE_TRIGGER_KINDS)[number];
 
-export const ROUTINE_TRIGGER_SIGNING_MODES = ["bearer", "hmac_sha256"] as const;
+export const ROUTINE_TRIGGER_SIGNING_MODES = ["bearer", "hmac_sha256", "github_hmac", "none"] as const;
 export type RoutineTriggerSigningMode = (typeof ROUTINE_TRIGGER_SIGNING_MODES)[number];
 
 export const ROUTINE_VARIABLE_TYPES = ["text", "textarea", "number", "boolean", "select"] as const;