feat: generic webhook provider with JSONPath payload extraction

Add a new "webhook" provider type that accepts arbitrary HTTP POST payloads,
extracts template variables via user-defined JSONPath mappings, and dispatches
notifications through the existing pipeline. Supports three auth modes
(HMAC-SHA256, Bearer token, none), bounded JSONPath cache, and 1MB payload limit.

Full stack: core provider + event parser, API endpoint, DB migration,
capabilities, seeds, default templates (EN/RU), frontend descriptor, i18n.

frontend/src/lib/i18n/en.json

@@ -115,6 +115,7 @@
 		"typeScheduler": "Scheduler",
 		"typeNut": "NUT (UPS)",
 		"typeGooglePhotos": "Google Photos",
+		"typeWebhook": "Generic Webhook",
 		"loadError": "Failed to load providers.",
 		"externalDomain": "External Domain",
 		"optional": "optional",
@@ -126,6 +127,9 @@
 		"plankaWebhookSecretHint": "Bearer token for webhook authentication. Set the same token as WEBHOOK_ACCESS_TOKEN in Planka.",
 		"plankaApiKeyHint": "Optional. Needed for connection testing and board listing.",
 		"plankaWebhookUrlHint": "Set this as the Webhook URL in Planka environment config (relative to your bridge host).",
+		"authMode": "Authentication Mode",
+		"authModeHint": "Choose hmac_sha256, bearer_token, or none",
+		"genericWebhookSecretHint": "Secret for HMAC-SHA256 or Bearer token authentication. Leave empty for no authentication.",
 		"webhookSecretRequired": "Webhook secret is required",
 		"apiToken": "API Token",
 		"apiTokenHint": "Optional. Needed for connection testing and repository listing.",
@@ -454,6 +458,7 @@
 		"upsReplaceBattery": "Replace battery",
 		"upsOverload": "UPS overloaded",
 		"scheduledMessage": "Scheduled message",
+		"webhookReceived": "Webhook received",
 		"trackImages": "Track images",
 		"trackVideos": "Track videos",
 		"favoritesOnly": "Favorites only",