GitHub: use X-Hub-Signature-Sha-256 header to validate webhook payloads

In late 2020, GitHub [introduced](https://github.com/github/docs/pull/82) a new `X-Hub-Signature-Sha-256` header to sign Webhook payloads with the more secure sha256 hash.

The legacy, sha1-based `X-Hub-Signature` header we're currently using is still around for backwards compatibility, but we should update the precommit() method to use the new one.