Add authentication to merge request external status checks
Problem
Merge request external status checks currently have no way of checking the authenticity of the request from GitLab in the external service. This could lead to spoofing of the GitLab request to the external status check.
Proposal
Add header parameter that is defined on creation of the external status check and can not be changed. Similar to audit event streaming authenticity. The external service can then verify the header parameter to ensure authenticity.
Edited by Nate Rosandich