Tags: backend, integrations, database, auth

Added GitHub and Clerk webhook handlers with Inngest pipeline stubs

  • Clerk and GitHub webhooks: receive, verify, and queue events. The API now accepts signed webhooks from Clerk and GitHub, verifies signatures, persists GitHub events for audit, and queues verified events to background pipelines so external account and push activity can be processed reliably.
  • Typed Inngest events and stub pipeline functions. Typed events and two stub Inngest functions were added to register end-to-end pipelines: a historical sync for new GitHub installations and a per-project push-processing pipeline. Both are logged stubs now and ready for full implementation.

New Features

  • Added /webhooks endpoints for Clerk and GitHub to the API and mounted them with raw-body middleware so signatures can be verified. [backend]
  • Added @suprlogs/webhooks package with production-ready Clerk (Svix HMAC) and GitHub (HMAC-SHA256 with timing-safe compare) verification helpers and typed webhook payloads. [integrations]
  • Added typed Inngest events and two stub functions (github/installation.created and github/push.received) so background pipelines are registered and can be invoked end-to-end. [backend]
  • Persisted incoming GitHub webhook payloads to an audit table (best-effort) and queued installation/push events to Inngest for downstream processing. [database]

Improvements

  • Validated required webhook environment variables (CLERK_WEBHOOK_SIGNING_SECRET, GITHUB_WEBHOOK_SECRET) at startup and threw a clear error if missing to avoid silent misconfiguration. [devops]
  • Ensured webhook routes use express.raw() before JSON parsing to preserve the raw request body for signature verification. [backend]
  • Added ProjectRepository.findByRepo and exported Json type from @suprlogs/database to support repo→project lookups from push webhooks. [database]
  • Updated package and dev dependencies (vitest, supertest) and added e2e/unit tests covering signature verification, happy-path handlers, and resilience when DB writes fail.
  • Fixed ngrok:start port to match the API server port (4704) and added GITHUB_WEBHOOK_SECRET to turbo globalEnv. [devops]

Security

  • Implemented timing-safe HMAC verification for GitHub webhooks and Svix-backed verification for Clerk webhooks to protect against tampering and replay. [auth]
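
The GitHub check and the raw-body requirement described above, as an added example (not code from @suprlogs/webhooks). It assumes GitHub's X-Hub-Signature-256 header format `sha256=<hex>`; the function name, secret and payload are constructed for illustration.

```javascript
const crypto = require("node:crypto");

// Returns true only if `signatureHeader` ("sha256=<64 hex chars>") is the
// HMAC-SHA256 of the exact bytes received. `rawBody` must be a Buffer, i.e.
// what express.raw() hands to the route, not a parsed object.
function verifyGitHubSignature(rawBody, signatureHeader, secret) {
  if (!Buffer.isBuffer(rawBody) || typeof signatureHeader !== "string") return false;

  // Strict format check: Buffer.from(..., "hex") silently stops at the first
  // non-hex character, so validate before decoding.
  const match = /^sha256=([0-9a-f]{64})$/i.exec(signatureHeader);
  if (!match) return false;

  const received = Buffer.from(match[1], "hex");
  const expected = crypto.createHmac("sha256", secret).update(rawBody).digest();

  // Both buffers are 32 bytes here; timingSafeEqual throws on unequal lengths.
  return crypto.timingSafeEqual(received, expected);
}

// Constructed sample delivery (not a real GitHub payload or secret).
const SECRET = "constructed-test-secret";
const RAW_BODY = Buffer.from('{"ref": "refs/heads/main",  "repository": {"id": 1}}');
const SIGNATURE =
  "sha256=" + crypto.createHmac("sha256", SECRET).update(RAW_BODY).digest("hex");

// What a handler would hash if a JSON parser ran first and the body was
// re-serialized: same data, different bytes (whitespace is gone).
const REPARSED_BODY = Buffer.from(JSON.stringify(JSON.parse(RAW_BODY.toString("utf8"))));

function demo() {
  return {
    rawBytes: verifyGitHubSignature(RAW_BODY, SIGNATURE, SECRET),
    reparsed: verifyGitHubSignature(REPARSED_BODY, SIGNATURE, SECRET),
    wrongSecret: verifyGitHubSignature(RAW_BODY, SIGNATURE, "other-secret"),
    truncated: verifyGitHubSignature(RAW_BODY, SIGNATURE.slice(0, 20), SECRET),
    missingPrefix: verifyGitHubSignature(RAW_BODY, SIGNATURE.slice(7), SECRET),
    parsedObject: verifyGitHubSignature({ ref: "refs/heads/main" }, SIGNATURE, SECRET),
  };
}

console.log(demo());
```

Only the `rawBytes` case verifies; the `reparsed` case is the failure a route sees when JSON parsing runs ahead of signature verification.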

API

  • Returned consistent 200 responses for valid webhook deliveries even when downstream DB writes fail, preventing sender retries while still logging errors for investigation. [backend]

Documentation

  • Updated changelog and package metadata to document the new webhook verification utilities, events, and pipeline stubs.