Securing webhooks: propose a password field + headers
Currently there is no way to authenticate a webhook notification sent by GitLab. Like for GitHub webhooks, I think it would be interesting to fill in a password for each webhook to secure the webhook payload. An additional header contains an HMAC algorithm and the corresponding checksum.
X-Hub-Signature: sha1=57920710b7619b11df90c4ae237f0f53d77a8f54
The HMAC is calculated like this (PHP way: http://php.net/manual/en/function.hash-hmac.php):
$hmac = hash_hmac($algo, $payload, $secret);
To maintain compatibility, the secret field can be optional.
Edited by 🤖 GitLab Bot 🤖
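The following is an added example and not part of the issue or of GitLab's code. It shows both halves of the scheme the proposal describes: the sender computes an HMAC over the raw payload with the per-webhook secret and emits it as "<algo>=<hex>" in X-Hub-Signature, and the receiver recomputes the MAC and compares in constant time. The module name, the accepted algorithm list (the proposal only shows sha1; sha256 is added here as an assumption) and the sample payload are all assumptions made for the example.

```ruby
require 'openssl'
require 'json'

# Added example (not GitLab code): sign and verify a webhook payload using an
# X-Hub-Signature header of the form "<algo>=<hex hmac>".
module WebhookSignature
  HEADER = 'X-Hub-Signature'.freeze

  # Algorithms the receiver is willing to accept. Assumed list: the proposal
  # itself only shows sha1. Rejecting unknown names stops a sender from
  # downgrading to a weak or unintended digest.
  ALLOWED_ALGOS = %w[sha1 sha256].freeze

  # Sender side. Returns the header value, or nil when no secret is
  # configured, which keeps the proposal's "secret is optional" behaviour:
  # without a secret no header is sent at all.
  def self.sign(payload, secret, algo: 'sha1')
    return nil if secret.nil? || secret.empty?
    raise ArgumentError, "unsupported algorithm #{algo}" unless ALLOWED_ALGOS.include?(algo)

    "#{algo}=#{OpenSSL::HMAC.hexdigest(OpenSSL::Digest.new(algo), secret, payload)}"
  end

  # Receiver side. True only when the header is present and well formed,
  # names an allowed algorithm, and the MAC matches the *raw* request body
  # under +secret+. The body must be the exact bytes received: re-serialising
  # parsed JSON before hashing would change the MAC.
  def self.verify(payload, header_value, secret)
    return false if header_value.nil? || secret.nil? || secret.empty?

    algo, sent_hex = header_value.split('=', 2)
    return false unless ALLOWED_ALGOS.include?(algo) && sent_hex && !sent_hex.empty?

    expected_hex = OpenSSL::HMAC.hexdigest(OpenSSL::Digest.new(algo), secret, payload)
    secure_compare(expected_hex, sent_hex)
  end

  # Constant-time comparison so response timing does not reveal how many
  # leading bytes of a forged MAC were correct. Length is checked first; the
  # length of a hex digest is public, so short-circuiting on it leaks nothing.
  def self.secure_compare(a, b)
    return false unless a.bytesize == b.bytesize

    diff = 0
    a.bytes.zip(b.bytes) { |x, y| diff |= x ^ y }
    diff.zero?
  end
end

# Usage with a constructed payload (not a real GitLab event).
if __FILE__ == $PROGRAM_NAME
  secret  = 'per-webhook-secret'
  payload = JSON.generate(object_kind: 'push', ref: 'refs/heads/master')
  header  = WebhookSignature.sign(payload, secret)
  puts "#{WebhookSignature::HEADER}: #{header}"
  puts "valid:    #{WebhookSignature.verify(payload, header, secret)}"
  puts "tampered: #{WebhookSignature.verify(payload + ' ', header, secret)}"
end
```

Two points worth keeping in mind when implementing this for real: the MAC must be computed over the raw bytes of the HTTP body on both sides (any re-encoding breaks verification), and the comparison of the received digest must be constant-time, since a plain string equality check lets an attacker recover a valid signature byte by byte from timing differences.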