feat(security): display a masked webhook url by default with optional toggle

[nktnet1]

What is this PR about?

The Webhook URL for triggering deployment contains a sensitive refresh token.

This should not be shown by default, as it could accidentally be leaked during an online meeting or video recording.

This pull request adds a client-side toggle button (default off) to control the visibility of the Webhook URL. See video further below.

Checklist

Before submitting this PR, please make sure that:

• You created a dedicated branch based on the canary branch.
• You have read the suggestions in the CONTRIBUTING.md file https://github.com/Dokploy/dokploy/blob/canary/CONTRIBUTING.md#pull-request
• You have tested this PR in your local instance. If you have not tested it yet, please do so before submitting. This helps avoid wasting maintainers' time reviewing code that has not been verified by you.

Screenshots (if applicable)

Toggle off:

Toggle on:

Video demo:

demo-webhook-visibility-toggle.webm

[nktnet1]

@Siumauricio I've rebased the branch to match the new git history for the canary branch.

However, would it be possible to limit the use of force-push for canary?

 

I think it makes it difficult for contributors to have to rebase all their PR branches. Thanks.