slack-go `SecretsVerifier` accepts empty signing secret without precondition
SecretsVerifier in slack-go/slack before v0.23.1 accepts an empty signing secret without error. If an application is misconfigured e.g., an unset or empty SLACKSIGNINGSECRET, NewSecretsVerifier builds an HMAC-SHA256 keyed with an empty string, allowing an unauthenticated attacker to forge a valid...