
Introduce secure webhook command system #54

Open
raidel-a wants to merge 1 commit into master from webhook-command-system

Conversation

@raidel-a (Collaborator)

Add secure webhook command system with HMAC authentication for external service integration. This enables trusted external services to execute bot commands
through Discord webhooks with cryptographic validation.

Changes

  • New cog: cogs/webhook_commands.py - Complete webhook command handler with HMAC-SHA256 authentication
  • Example script: examples/webhook_test.py - Testing utility for webhook commands with proper signature generation

Features

Security & Authentication

  • Mandatory HMAC-SHA256 validation using WEBHOOK_SECRET_KEY environment variable
  • Timestamp-based replay attack prevention (5-minute window)
  • Rate limiting (30 commands/minute per webhook)
  • Whitelist-based webhook ID validation

Supported Commands

  • ASSIGN_ROLE - Assign roles to users
  • REMOVE_ROLE - Remove roles from users
  • SEND_MESSAGE - Send messages to channels
  • GET_USER_INFO - Retrieve user information and roles

Message Format

BOT_CMD:<REQUEST_ID>:<COMMAND>:<PARAM1>:<PARAM2>:<TIMESTAMP>:<HMAC_SIGNATURE>

Response Format

  • Success: [OK] BOT_RESPONSE:<REQUEST_ID>:SUCCESS::<RESULT_DATA>
  • Error: [ERR] BOT_RESPONSE:<REQUEST_ID>:ERROR::<ERROR_CODE>:<ERROR_MESSAGE>

Test Plan

  • Test HMAC signature generation and validation
  • Test all supported commands with valid parameters
  • Test error handling for invalid signatures, expired timestamps, and malformed messages
  • Test rate limiting functionality
  • Verify webhook ID whitelist enforcement
  • Test command execution timeout handling

…d bot, allowing external services to execute bot commands through Discord webhooks with proper authentication and validation.
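The message and response formats the description lays out, as an added example that is not part of this PR or of the bot's own cogs/webhook_commands.py: a Python signer plus a validator that applies the four checks the description names (HMAC-SHA256 tag, 5-minute timestamp window with replay rejection, 30 commands/minute per webhook, webhook ID whitelist) and renders the [OK]/[ERR] response lines. It assumes the HMAC covers every field that precedes the signature in the BOT_CMD line; the error codes, the whitelisted webhook ID and the fallback key used when WEBHOOK_SECRET_KEY is unset are constructed for the demo, not taken from the project.

```python
import hashlib
import hmac
import os
import time
from collections import defaultdict, deque

# The real cog reads WEBHOOK_SECRET_KEY from the environment; the fallback
# value here exists only so the example runs offline (constructed, not the bot's).
SECRET_KEY = os.environ.get("WEBHOOK_SECRET_KEY", "example-only-secret").encode()

REPLAY_WINDOW = 300      # seconds: the 5-minute window from the PR description
RATE_LIMIT = 30          # commands per minute per webhook, as described
SUPPORTED = {"ASSIGN_ROLE", "REMOVE_ROLE", "SEND_MESSAGE", "GET_USER_INFO"}
ALLOWED_WEBHOOKS = {"111111111111111111"}   # constructed whitelist entry


def canonical(request_id, command, param1, param2, timestamp):
    # ASSUMPTION: the tag is computed over the wire prefix, i.e. every field
    # that precedes <HMAC_SIGNATURE>, joined exactly as it is transmitted.
    return f"BOT_CMD:{request_id}:{command}:{param1}:{param2}:{timestamp}"


def sign_command(request_id, command, param1, param2, timestamp, key=SECRET_KEY):
    """Build a BOT_CMD line (the sending side, e.g. a test script's job)."""
    body = canonical(request_id, command, param1, param2, timestamp)
    tag = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
    return f"{body}:{tag}"


class CommandError(Exception):
    """A rejected command; `code` becomes <ERROR_CODE> in the error line."""
    def __init__(self, code, message):
        super().__init__(message)
        self.code = code


class WebhookCommandValidator:
    def __init__(self, key=SECRET_KEY, allowed=ALLOWED_WEBHOOKS):
        self.key = key
        self.allowed = set(allowed)
        self._seen = {}                     # request_id -> timestamp, for replay checks
        self._recent = defaultdict(deque)   # webhook_id -> accept times (rate limit)

    def _check_rate(self, webhook_id, now):
        q = self._recent[webhook_id]
        while q and now - q[0] >= 60:       # drop accepts older than one minute
            q.popleft()
        if len(q) >= RATE_LIMIT:
            raise CommandError("RATE_LIMITED", "too many commands this minute")
        q.append(now)

    def verify(self, message, webhook_id, now=None):
        """Return the parsed command, or raise CommandError with an error code."""
        now = time.time() if now is None else now
        if webhook_id not in self.allowed:
            raise CommandError("UNKNOWN_WEBHOOK", "webhook id is not whitelisted")
        parts = message.split(":")
        # Exactly seven fields; a parameter containing ':' is treated as malformed.
        if len(parts) != 7 or parts[0] != "BOT_CMD":
            raise CommandError("MALFORMED", "expected 7 colon-separated fields")
        _, request_id, command, p1, p2, ts_text, tag = parts
        expected = hmac.new(self.key, canonical(request_id, command, p1, p2, ts_text).encode(),
                            hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, tag):   # constant-time comparison
            raise CommandError("BAD_SIGNATURE", "HMAC mismatch")
        if command not in SUPPORTED:
            raise CommandError("UNKNOWN_COMMAND", command)
        try:
            ts = int(ts_text)
        except ValueError:
            raise CommandError("MALFORMED", "timestamp is not an integer")
        if abs(now - ts) > REPLAY_WINDOW:
            raise CommandError("EXPIRED", "timestamp outside the 5-minute window")
        # Only ids still inside the window can be replayed, so prune the rest.
        self._seen = {r: t for r, t in self._seen.items() if now - t <= REPLAY_WINDOW}
        if request_id in self._seen:
            raise CommandError("REPLAY", "request id already processed")
        self._seen[request_id] = ts
        self._check_rate(webhook_id, now)   # only authenticated commands count
        return {"request_id": request_id, "command": command,
                "params": (p1, p2), "timestamp": ts}


def format_response(request_id, result=None, error=None):
    """Render the success or error line in the PR's response format."""
    if error is None:
        return f"[OK] BOT_RESPONSE:{request_id}:SUCCESS::{result}"
    return f"[ERR] BOT_RESPONSE:{request_id}:ERROR::{error.code}:{error}"


def handle(validator, message, webhook_id, now=None):
    """Validate a wire message and return the response line the bot would post."""
    try:
        cmd = validator.verify(message, webhook_id, now)
    except CommandError as e:
        rid = message.split(":")[1] if ":" in message else "UNKNOWN"
        return format_response(rid, error=e)
    # Command execution is out of scope here; echo what was accepted.
    return format_response(cmd["request_id"], result=f"{cmd['command']} accepted")


if __name__ == "__main__":
    v = WebhookCommandValidator()
    msg = sign_command("req-1", "ASSIGN_ROLE", "42", "moderator", int(time.time()))
    print(handle(v, msg, "111111111111111111"))
    print(handle(v, msg, "111111111111111111"))   # second delivery is a replay
```

The checks run in the order whitelist, syntax, signature, window, replay, rate; counting only authenticated commands against the per-webhook budget means a flood of forged lines cannot lock a legitimate service out, while the constant-time `compare_digest` keeps the tag check from leaking partial matches. The echoed request id in the error line comes from the unverified message, so the handler must never act on it beyond correlating the reply.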