[LabelBot] Verify GitHub signature before enqueuing in SQS #27

@marcoabreu

Description

At the moment, we verify the signature of the webhook in the LabelBot, which is the second instance. This means that an attacker could flood our SQS queue because the request is not being validated at that point.

The verification should be moved from the LabelBot lambda function to the API Gateway endpoint, since that's the first time we're interacting with the message. Validating the message at this point allows us to decline an invalid message at the earliest point possible.
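As an added example (not code from the LabelBot project), the check the issue proposes written as the front stage's handler: verify GitHub's HMAC-SHA256 signature from the X-Hub-Signature-256 header against the raw body and only then hand the payload to the queue. The Lambda-proxy event shape, the injected `enqueue` callback standing in for the SQS send, and the sample secret and payload are assumptions so the example runs offline.

```python
import base64
import hashlib
import hmac
from typing import Callable, Optional


def verify_github_signature(secret: bytes, body: bytes, header: Optional[str]) -> bool:
    """True only if header is 'sha256=<hex>' and matches HMAC-SHA256(secret, body).

    GitHub sends this value in the X-Hub-Signature-256 header. compare_digest
    keeps the comparison constant-time so the check does not leak by timing.
    """
    if not header or not header.startswith("sha256="):
        return False
    expected = "sha256=" + hmac.new(secret, body, hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected.encode(), header.encode())


def handle_webhook(event: dict, secret: bytes, enqueue: Callable[[str], None]) -> dict:
    """Handler for the API Gateway stage (Lambda proxy event shape assumed).

    Nothing reaches `enqueue` (the SQS send, injected so this runs offline)
    unless the signature verifies, so unsigned or tampered requests are
    rejected before they can occupy the queue.
    """
    headers = {k.lower(): v for k, v in (event.get("headers") or {}).items()}
    raw = event.get("body") or ""
    body = base64.b64decode(raw) if event.get("isBase64Encoded") else raw.encode("utf-8")
    if not verify_github_signature(secret, body, headers.get("x-hub-signature-256")):
        return {"statusCode": 401, "body": "invalid signature"}
    enqueue(body.decode("utf-8"))
    return {"statusCode": 202, "body": "queued"}


def make_event(secret: bytes, body: str, tamper: bool = False) -> dict:
    """Build a constructed GitHub-style delivery for demonstration (not real traffic)."""
    sig = "sha256=" + hmac.new(secret, body.encode("utf-8"), hashlib.sha256).hexdigest()
    delivered = body + " " if tamper else body  # altered body, original signature
    return {"headers": {"X-Hub-Signature-256": sig}, "body": delivered, "isBase64Encoded": False}


if __name__ == "__main__":
    secret = b"constructed-webhook-secret"  # constructed; real secret comes from config
    queued = []
    print(handle_webhook(make_event(secret, '{"action":"opened"}'), secret, queued.append))
    print(handle_webhook(make_event(secret, '{"action":"opened"}', tamper=True), secret, queued.append))
    print(queued)  # only the untampered payload reaches the queue
```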
