Integration: Webhook receiver with HMAC SHA-256 signature validation

[franks883]

PR Description:

Adds a secure Scripted REST API pattern for inbound webhooks. Validates an X-Signature HMAC SHA-256 over the raw body, rejects invalid requests with 401, and stores valid payloads for downstream processing.

Includes README, a small HMAC utility Script Include, and the resource script.

Pull Request Checklist

Overview

• Put an x inside of the square brackets to check each item.
• I have read and understood the CONTRIBUTING.md guidelines
• My pull request has a descriptive title that accurately reflects the changes and the description has been filled in above.
• I've included only files relevant to the changes described in the PR title and description
• I've created a new branch in my forked repository for this contribution

Code Quality

• My code is relevant to ServiceNow developers
• My code snippets expand meaningfully on official ServiceNow documentation (if applicable)
• I've disclosed use of ES2021 features (if applicable)
• I've tested my code snippets in a ServiceNow environment (where possible)

Repository Structure Compliance

• I've placed my code snippet(s) in one of the required top-level categories:
  • Core ServiceNow APIs/
  • Server-Side Components/
  • Client-Side Components/
  • Modern Development/
  • Integration/
  • Specialized Areas/
• I've used appropriate sub-categories within the top-level categories
• Each code snippet has its own folder with a descriptive name

Documentation

• I've included a README.md file for each code snippet
• The README.md includes:
  • Description of the code snippet functionality
  • Usage instructions or examples
  • Any prerequisites or dependencies
  • (Optional) Screenshots or diagrams if helpful

Restrictions

• My PR does not include XML exports of ServiceNow records
• My PR does not contain sensitive information (passwords, API keys, tokens)
• My PR does not include changes that fall outside the described scope

[github-actions]

👋 Unassigning @mskoddow due to inactivity (> 60 min without comments/reviews). This PR remains open for other reviewers.

[mskoddow]

Unfortunately I'm lacking an option to test this implementation out, however it looks all good to. I'm just wondering if you know Travis Toulson's article about the same topic but using OOTB options: https://www.servicenow.com/community/developer-advocate-blog/hmac-validation-in-servicenow-securing-webhook-integrations-with/ba-p/3382297
Also, the documentation is great, so many thanks for your valuable contribution and keep building!