Use `generic-hmac` Flux Receiver secret

The Flux Receiver Integration currently uses a generic type Receiver, which doesn't require any authorization from the webhook caller.

We should use the generic-hmac type to do some basic authentication.

Implementation guide

• agentk must share a k8s secret with each individual Receiver.
• Each Receiver must have its own k8s secret object, because it must be in the same namespace and each GitRepository has exactly one Receiver in the same namespace, too.
• Theoretically, the secret token can be different for each secret it doesn't have to be and could be one secret per agentk instance. However, this is implementation detail and should be double checked with security. Either way, it's better than right now and may be implemented iteratively.
• when agentk triggers the Receiver webhook it must send the secret token with the request.

References

• Feature demo video
• Flux documentation for generic-hmac receiver