Problem

Webhook-capable channel adapters should fail closed when required auth material (secret/token) is missing, but behavior is not enforced consistently across adapters.

Expected behavior

• Startup/bootstrapping should reject insecure webhook configs by default.
• Adapter startup errors should be explicit and actionable.

Acceptance criteria

• Add/extend startup validation so webhook auth requirements are enforced consistently for webhook adapters.
• Add tests proving missing secret/token fails startup.
• Add tests proving valid secret/token passes startup.

Validation

• Targeted adapter startup tests covering missing/valid auth config paths.
• Existing CI check/lint/type gates remain green.