Slack webhook signature verifier.
HMAC-SHA256 over "v0:<timestamp>:<body>", digest in the
X-Slack-Signature header with a v0= prefix. Timestamp in
X-Slack-Request-Timestamp.
Also handles the one-shot url_verification handshake Slack issues
when an endpoint URL is first registered in the app's config. That
handshake arrives as a JSON body of the form
{"type": "url_verification", "challenge": "..."} and expects a 200
response echoing the challenge. This module short-circuits that case
and returns {:handshake, conn} so the Plug sends the response and
skips dispatch.
Registration config
secret_key(required) — the key name resolved viaCredentialProvider.max_skew(optional) — timestamp tolerance in seconds. Default 300.