fix: add webhook signature and clean up inquiry payload checks

[shaunwarman]

Checklist

• I have ensured my pull request is not behind the main or master branch of the original repository.
• I have rebased all commits where necessary so that reviewing this pull request can be done without having to merge it first.
• I have written a commit message that passes commitlint linting.
• I have ensured that my code changes pass linting tests.
• I have ensured that my code changes pass unit tests.
• I have described my pull request and the reasons for code changes along with context if necessary.

[titanism]

-if (!requestHeaders['X-Webhook-Signature']) {
+if (!_.isObject(requestHeaders) || !isSANB(requestHeaders['X-Webhook-Signature'])) {

[titanism]

You don't need all this, you can just do stuff like:

headers.hasHeader('auto-submitted')

All lowercase works, it's case insensitive - that's the whole reason we use new Headers instead of this massive || conditional so we can do case insensitive key matches.

[titanism]

This is not correct using of @ladjs/env. Try to never use process if possible to get process.env.

Instead add this:

+const env = require('#config/env');
const config = require('#config');

And then use const webhookSignatureKey = env.WEBHOOK_SIGNATURE_KEY;

[titanism]

This should be wrapped, e.g.

if (isSANB(webhookSignatureKey)) {
  // all the code like `const webhookSignature = ...` goes inside here
} else {
  // if there wasn't a key detected in the `.env` file then we should alert admins
  const err = new TypeError('Webhook signature key missing, did you forget to add it to .env?');
  err.isCodeBug = true;
  logger.fatal(err);
}

[titanism]

See comments for changes.

[titanism]

🙏 👏