Webhook events reference

Misar Social listens for the following GitHub webhook events on connected repos: release published (triggers EchoForge post draft), pull_request merged (triggers EchoForge post draft for ship announcements), push to a protected branch (logged for audit), and create branch (logged for audit). All incoming webhooks are verified with HMAC-SHA256 using your GITHUB_WEBHOOK_SECRET. Payloads are rejected with 401 if the signature is missing or invalid.