Open
Description
I understand that, as a security precaution, the gh copilot extension services need to verify the gh payload and headers to make sure these originate from GitHub.
In my TypeScript code, I would like to add this as an Express middleware to the Express endpoint code. Unfortunately, this is exceptionally hard to test in a local environment. I would expect the GitHub debug CLI to include a valid signature in the correspondence as well. When debugging this locally, the github-public-key-signature and github-public-key-identifier headers are empty.
I did consider only adding the verifier middleware in a production environment, but this does not let me test the implementation.
Please provide a way to verify the gh payload locally.
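
One way to exercise such a verifier locally, as an added example that is not part of the original issue and not GitHub's code: the check is written as a pure function that takes the key list as a parameter, so a test can sign payloads with a locally generated key pair. The ECDSA/SHA-256 scheme with a base64 DER signature, the `key_identifier`/`key` entry shape, and the names `verifyPayload` and `makeLocalSigner` are assumptions of this sketch.

```typescript
import { createSign, createVerify, generateKeyPairSync } from "node:crypto";

// Assumed shape of one entry in the published key list (not taken from the issue).
interface PublicKeyEntry { key_identifier: string; key: string; }

// Verify the raw request body against the github-public-key-signature value,
// using the key selected by github-public-key-identifier.
// Fails closed: empty headers, unknown key ids and malformed input all return false.
function verifyPayload(
  rawBody: string,
  signatureB64: string | undefined,
  keyId: string | undefined,
  keys: PublicKeyEntry[],
): boolean {
  if (!signatureB64 || !keyId) return false; // the empty-header case seen when debugging locally
  const entry = keys.find((k) => k.key_identifier === keyId);
  if (!entry) return false;
  try {
    return createVerify("SHA256").update(rawBody).verify(entry.key, signatureB64, "base64");
  } catch {
    return false; // unparsable key or signature
  }
}

// Local test helper (hypothetical): a constructed P-256 key pair stands in for
// the real signing key so the verifier can be driven without production traffic.
function makeLocalSigner(keyId: string) {
  const { publicKey, privateKey } = generateKeyPairSync("ec", { namedCurve: "prime256v1" });
  const keys: PublicKeyEntry[] = [{
    key_identifier: keyId,
    key: publicKey.export({ type: "spki", format: "pem" }).toString(),
  }];
  const sign = (body: string): string =>
    createSign("SHA256").update(body).sign(privateKey, "base64");
  return { keys, sign };
}
```

In an Express middleware the function would be called with the two header values from `req.get(...)` and the raw request body as received; verifying a re-serialized `req.body` object will fail because the bytes differ from what was signed.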