Document that webhook secret token is sent in X-Gitlab-Token HTTP header
What does this MR do?
Note that the secret token is sent in the X-Gitlab-Token header on the webhook documentation page, as well as directly below the secret token field on the webhook settings form.
Are there points in the code the reviewer needs to double check?
Why was this MR needed?
It took me a while to figure out how to verify the token in my hook endpoint. Issue #18256 (closed) is where I found how to do it.