feat: HMAC verification on IPN callback for security

[Benjamin-Freoua-Alma]

Reason for change

Linear task

Code changes

We add the call function to isHmacValidated in php client to check is the IPN callback is signed by Alma before to validate the order by IPN

How to test

As a reviewer, you are encouraged to test the PR locally.

Make an order, close the page before the return validation payment
Call the ipn callback with some other browser or API Client to check if the IPN need the Alma signature

Checklist for authors and reviewers

• The title of the PR uses business wording, not technical jargon, for the changelog readers to understand it
• The PR implements the changes asked in the referenced task / issue
• The automated tests are compliant with the testing strategy
• The tests are relevant, and cover the corner/error cases, not only the happy path
• You understand the impact of this PR on existing code/features
• The changes include adequate logging and Datadog traces
• Documentation is updated (API, developer documentation, ADR, Notion...)

Non applicable

[github-actions]

⏳E2E tests are currently running.
➡️ You can follow their progression here.

[sonarcloud]

Quality Gate passed

Issues
2 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarCloud

[github-actions]

❌ E2E tests have failed.
➡️ You can find the results here.