Add ability to specify custom webhook headers

Description

Currently, web hooks support sending an authentication token in the X-Gitlab-Token header. I propose adding the ability to send a token in an arbitrary header.

Proposal

I want to integrate with a system that is hard coded to accept authentication tokens only from a certain custom header. This makes it impossible to trigger the system using GitLab web hooks, because they insist on sending the token in the X-Gitlab-Token header. I would like there to be an option to configure the name of the header the token is sent in.

GitLab Proposal

(link: #17290 (comment 951907862)) Support a flexible (but limited) number of headers.
(link: #17290 (comment 951909520)) Ensure values are encrypted and do not surface in logs, WebHookLog records, or the UI.
This work may resemble in some ways the work done for encrypted tokens in URLs &7970 (closed)

Links / references

Secret Tokens

Edited Apr 19, 2023 by Luke Duncalfe