Warn about empty secret and skip the update in the webhook updater tool #3208

Merged
merged 1 commit into from
Apr 30, 2024

@jhrozek jhrozek commented Apr 30, 2024

Summary

I was testing the webhook update locally and realized that it's too easy
to let the webhook update proceed with an empty secret. On the server
side we already have a similar check.

Change Type

  • Bug fix (resolves an issue without affecting existing features)
  • Feature (adds new functionality without breaking changes)
  • Breaking change (may impact existing functionalities or require documentation updates)
  • Documentation (updates or additions to documentation)
  • Refactoring or test improvements (no bug fixes or new functionality)

Testing

You'd pass the secret file with an env variable:

MINDER_WEBHOOK_CONFIG_WEBHOOK_SECRET_FILE=.secrets/webhook_secret ./bin/minder-server webhook update -p github

If you omit the secret file, you now get a failure; previously the tool would have proceeded with the update:

./bin/minder-server webhook update -p github

Review Checklist:

  • Reviewed my own code for quality and clarity.
  • Added comments to complex or tricky code sections.
  • Updated any affected documentation.
  • Included tests that validate the fix or feature.
  • Checked that related changes are merged.
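
Added example, not code from this PR or from Minder: a Go illustration of the kind of guard described above, together with the reason an empty secret matters for GitHub-style HMAC-SHA256 webhook signatures (`X-Hub-Signature-256`). The names `loadWebhookSecret`, `sign`, `verify` and `ErrEmptySecret` are hypothetical, and trimming whitespace from the secret file is an assumption.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
	"os"
	"strings"
)

// ErrEmptySecret is returned when no usable webhook secret is configured.
var ErrEmptySecret = errors.New("webhook secret is empty, refusing to update")

// loadWebhookSecret (hypothetical) rejects a missing path or a blank file.
func loadWebhookSecret(path string) (string, error) {
	if path == "" {
		return "", ErrEmptySecret
	}
	raw, err := os.ReadFile(path)
	if err != nil {
		return "", fmt.Errorf("reading secret file: %w", err)
	}
	secret := strings.TrimSpace(string(raw)) // assumption: trailing newline is not part of the secret
	if secret == "" {
		return "", ErrEmptySecret
	}
	return secret, nil
}

// sign computes a GitHub-style X-Hub-Signature-256 value for body.
func sign(secret string, body []byte) string {
	mac := hmac.New(sha256.New, []byte(secret))
	mac.Write(body)
	return "sha256=" + hex.EncodeToString(mac.Sum(nil))
}

// verify compares the expected and received signatures in constant time.
func verify(secret string, body []byte, got string) bool {
	return hmac.Equal([]byte(sign(secret, body)), []byte(got))
}

func main() {
	body := []byte(`{"action":"constructed-sample"}`) // constructed payload
	// An empty key is known to everyone, so any sender's signature verifies.
	fmt.Println("empty secret verifies:", verify("", body, sign("", body)))
	_, err := loadWebhookSecret("") // no secret file configured
	fmt.Println("guard:", err)
}
```
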

@jhrozek jhrozek requested a review from a team as a code owner April 30, 2024 08:45
@coveralls

Coverage Status

coverage: 50.523% (+0.006%) from 50.517%
when pulling 2c5b5da on jhrozek:webhook_rotate_warn_empty_secret
into 30a63bb on stacklok:main.

@jhrozek jhrozek merged commit 3b90c28 into mindersec:main Apr 30, 2024
21 checks passed