Add ping/pong ACK flow for webhook endpoints

[ezekg]

To prevent abuse of webhook events being sent to URLs outside of an account's control, we should require that all new endpoints respond to a webhook-endpoint.ack or webhook-endpoint.ping event, with a unique "pong" response before being enabled. Endpoints that have not gone through the ACK flow should not receive event deliveries, and should be considered disabled.

[ezekg]

One complication here is Zapier. I think we can add the ACK to a trigger's perform function, returning an empty array in that case¹. But we'll need to make sure to auto-upgrade all users since this would be a breaking change to existing Zaps. Either that or we can whitelist zapier.com or their IPs.

Footnotes

1. https://docs.zapier.com/platform/build/hook-trigger ↩