feat: add webhook signature verification helper

[dipankardas011]

Summary

• Adds WebhookVerifier struct for verifying incoming Polar webhook signatures
• Adds ValidateWebhookSignature convenience function for one-shot verification
• Uses the Standard Webhooks specification (which Polar uses for webhook signing)
• Handles base64 encoding of secrets internally, providing a cleaner API

Usage

// Option 1: Reusable verifier (recommended for handlers)
verifier, err := polargo.NewWebhookVerifier(webhookSecret)
if err != nil {
    // handle error
}
if err := verifier.Verify(payload, r.Header); err != nil {
    // signature invalid
}

// Option 2: One-shot validation
if err := polargo.ValidateWebhookSignature(payload, r.Header, webhookSecret); err != nil {
    // signature invalid
}

Motivation

Currently, SDK users need to:

1. Import the standard-webhooks library separately
2. Manually base64-encode their webhook secret
3. Understand the Standard Webhooks spec

This PR provides a native SDK solution that hides these implementation details. As Python and Typescript sdk have this

Test plan

• Unit tests for NewWebhookVerifier
• Unit tests for Verify with valid/invalid signatures
• Unit tests for missing headers
• Unit tests for wrong secret
• Unit tests for ValidateWebhookSignature convenience function
• All tests passing