Add secret parameter for github action notification

[tbille]

This API is fully open. We require a secret token when requesting this endpoint to make sure we don't get spammed.

https://github.com/canonical-web-and-design/webteam-hubot/blob/master/scripts/github-action-notification.js

We should have this check: https://github.com/canonical-web-and-design/webteam-hubot/blob/master/scripts/github-pull-requests-reviews-notifications.js#L93

[SirSamTumless]

@nottrobin Please triage this.

[pmahnke]

@nottrobin closing, reopen if you are going to plan the work.

[tbille]

Sorry I have to reopen this.
This is an actual potential vulnerability that we need to fix.