[8.17](backport #42756) fix(x-pack/filebeat/input/http_endpoint): hmac header validation

[mergify]

Proposed commit message

The HMAC signature validation code had an optimization intended to
return early when the configured HMAC header was not present in the 
request. However, it was checking the wrong variable for emptiness,
which effectively skipped this check. If a request included an empty
HMAC header, the HMAC signature check would still proceed and fail due 
to the missing or incorrect signature.

This issue has been corrected by this commit. The code now returns
`errMissingHMACHeader` only when the header is truly absent (not present
rather than having an empty value). Additionally, before decoding the 
signature, a check for an empty value is added to return a descriptive error.

Checklist

• My code follows the style guidelines of this project
• I have commented my code, particularly in hard-to-understand areas
• I have made corresponding changes to the documentation
• I have made corresponding change to the default configuration files
• I have added tests that prove my fix is effective or that my feature works
• I have added an entry in CHANGELOG.next.asciidoc or CHANGELOG-developer.next.asciidoc.

Author notes

The problematic code is this section where on L67 it checks the value of v.hmacHeader which is from config instead of hmacHeaderValue which is from the request.

beats/x-pack/filebeat/input/http_endpoint/validate.go

Lines 65 to 68 in 26fecc1

	// Read HMAC signature from HTTP header.
	hmacHeaderValue := r.Header.Get(v.hmacHeader)
	if v.hmacHeader == "" {
	return http.StatusUnauthorized, errMissingHMACHeader

---

This is an automatic backport of pull request #42756 done by [Mergify](https://mergify.com).

[botelastic]

This pull request doesn't have a Team:<team> label.