Summary

Partially addresses #535 by adding Stripe webhook signature verification for the payment webhook flow.

This PR:

• keeps the raw request body in app/api/payment/webhook before JSON parsing
• passes the raw body and stripe-signature header into the payment adapter
• verifies Stripe webhook events with stripe.webhooks.constructEvent
• requires and stores stripeWebhookSecret for Stripe payment settings
• adds the Stripe webhook secret field to the admin payment settings UI
• updates payment setup docs to tell admins to copy the Stripe webhook signing secret
• adds focused tests for valid, missing, and tampered Stripe webhook signatures

Verification

• pnpm install --frozen-lockfile
• pnpm exec prettier --write apps/web/payments-new/payment.ts apps/web/payments-new/stripe-payment.ts apps/web/app/api/payment/webhook/route.ts apps/web/app/api/payment/__tests__/stripe-payment.test.ts packages/orm-models/src/models/site-info.ts apps/web/graphql/settings/logic.ts apps/web/graphql/settings/helpers.ts apps/web/components/admin/settings/index.tsx apps/web/ui-config/strings.ts apps/docs/src/pages/en/schools/set-up-payments.md apps/docs-new/content/docs/schools/set-up-payments.mdx
• pnpm exec eslint apps/web/payments-new/payment.ts apps/web/payments-new/stripe-payment.ts apps/web/app/api/payment/webhook/route.ts apps/web/app/api/payment/__tests__/stripe-payment.test.ts apps/web/graphql/settings/logic.ts apps/web/graphql/settings/helpers.ts apps/web/components/admin/settings/index.tsx apps/web/ui-config/strings.ts packages/orm-models/src/models/site-info.ts --quiet
• git diff --check
• pre-commit hook: prettier --write packages apps docs *.md and eslint --quiet --cache --fix packages apps/docs apps/docs-new apps/web

I also smoke-tested Stripe's generateTestHeaderString + constructEvent flow against the installed stripe package.

Note: I did not implement Razorpay or Lemon Squeezy verification in this PR; this is intentionally limited to the Stripe path so the change remains reviewable.