feat: signSync, verifySync

[Uzlopak]

We anyway just check if sha256 is given.
Add the signSync and verifySync methods, as crypto code runs in C++ code of node, which makes it by nature block the event loop of node. By making it sync we reduce the unecessary overhead of creating intermediary Promises, which are thrown away anyway. So we can use that in probot / webhooks.js.

Only when using web crypto async maybe makes sense, because that runs by nature async, but I suspect to be signifcantly slower.

We need to patch then webhooks.js repo to use sync calls.

@semver-minor.

Resolves #ISSUE_NUMBER

---

Before the change?

After the change?

Pull request checklist

• Tests for the changes have been added (for bug fixes / features)
• Docs have been reviewed and added / updated if needed (for bug fixes / features)

Does this introduce a breaking change?

Please see our docs on breaking changes to help!

• Yes
• No

---

[Uzlopak]

Implemented now in a way, that it does not break.

EDIT:
Scratch that. I removed sha1. LOL

[gr2m]

this is a breaking change as we change the API by removing the algorithm argument. But we can absorb the breaking change in @octokit/webhooks as GitHub no longer supports sha1 in any of its maintained GHES versions.

Can you please update the README?

[Uzlopak]

@gr2m
Is the readme now to your liking?

[gr2m]

actually, can you document signSync and verifySync?

I'm not 100% sure if we really need it, I don't like the fact that available methods diverge between the JS runtimes.

Maybe let's leave out the introduction of signSync and verifySync and discuss that in a separate PR?