Invalid signatures are accepted

[aleahy]

Love the package, but there seems to be a problem with verifying the signature.

The isValid method of the MailgunSignatureValidator class doesn't seem to ever be able to return false.

It is expecting an exception to return false, but it can never receive one.

In the Webhook class, you have:

public static function constructEvent(array $payload, array $signature, string $secret): Event
    {
        // verify we are good, else throw an expection
        WebhookSignature::make($signature, $secret)->verify();
        // Make an event
        return Event::constructFrom($payload);
    }

But the verify() function only returns a bool and doesn't throw an exception like the Stripe package. So even if it is false, it doesn't raise an exception and the isValid method of the Signature Validator will always return true.

Would you be interested in a PR?

[cyrillkalita]

@aleahy absolutely!