Verify github/gitea payloads in trigger api

current trigger api accepts any request with the needed info without knowing who send this payload.
while creating the webhook in the repo, we should add a secret to the webhook. this secret github/gitea will use it as a signature for the payload and can be verified in the trigger api.