Hardened external input handling for webhooks, drops, and OAuth registration

This release hardens how Hive handles external payloads, so webhooks, drops, and dynamic OAuth registration metadata are normalized and validated more safely. Malformed or unexpected input is now rejected or mapped to safe defaults instead of being trusted blindly, which reduces the risk of crashes and abuse from third-party data.