feat(payments): implement standard webhooks validation system
Add comprehensive webhook validation and processing system with Polar.sh integration:

- Create built-in Standard Webhooks package following official specification
- Implement HMAC-SHA256 signature validation with base64 encoding
- Add webhook factory for multi-provider support (Polar, Stripe, generic)
- Replace custom Polar webhook validation with Standard Webhooks implementation
- Add proper exception handling with custom WebhookVerificationException
- Support sandbox mode bypass for development environments
- Update Polar provider to use database-driven configuration
- Enhance webhook test suite with proper Standard Webhooks format
- Add PaymentProvider model HasFactory trait for testing
- Implement timestamp tolerance checking (±5 minutes) for replay protection
- Support multiple signature versions and proper header validation

This provides a secure, reusable webhook validation system that can be extended to other payment providers while maintaining full compliance with Standard Webhooks specification.

BREAKING CHANGE: Polar webhook validation now uses Standard Webhooks format with headers 'webhook-id', 'webhook-timestamp', 'webhook-signature' instead of previous Polar-specific headers.
@@ -34,7 +34,7 @@ Route::middleware(['auth', 'verified'])->prefix('checkout')->name('checkout.')->
|
||||
Route::get('/trial/{plan}/{provider}', [PaymentController::class, 'trialCheckout'])->name('trial');
|
||||
});
|
||||
|
||||
Route::prefix('webhook')->name('webhook.')->group(function () {
|
||||
Route::prefix('webhook')->name('webhook.')->middleware(['webhook.rate_limit'])->group(function () {
|
||||
// Unified webhook handler
|
||||
Route::post('/{provider}', [WebhookController::class, 'handle'])->name('unified');
|
||||
|
||||
|
||||
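Review bot: The `webhook.rate_limit` alias on the changed `Route::prefix('webhook')` line is neither registered nor documented in the lines shown here, so please confirm the alias is registered in this same commit; if it is missing, every request to the webhook group will fail when the middleware is resolved. A short comment next to the group stating the limit and what it is keyed on (source IP, provider, or both) would help, because a limit that is too tight will reject legitimate provider retries and one keyed only on IP can be shared by many senders behind a provider's egress range. Because this middleware runs before the controller, it is also worth constraining `{provider}` on the `Route::post('/{provider}', ...)` line to the supported provider names so unknown values are rejected at the routing layer instead of reaching `WebhookController::handle`.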