(core) support a wildcard option for ALLOWED_WEBHOOK_DOMAINS

Summary:
Now that webhook payload delivery can be done using a proxy,
it may be desirable to no longer require a set of `ALLOWED_WEBHOOK_DOMAINS`.
This diff allows this variable to be set to `*`. With this setting,
any domain, and both `http` and `https` protocols will now be accepted.

Another possibility would be to default to unchecked
behavior if `ALLOWED_WEBHOOK_DOMAINS` is not set. But this would
introduce a new kind of vulnerability to unconfigured Grist
installations.

Test Plan: switched a test from naming a domain to using `*`

Reviewers: jarek

Reviewed By: jarek

Differential Revision: https://phab.getgrist.com/D3903
Paul Fitzpatrick
2023-05-23 12:51:58 -04:00
parent 4cc19ff748
commit 3f3a0d3aa1
5 changed files with 31 additions and 2 deletions

@@ -20,7 +20,7 @@ describe('WebhookPage', function () {
before(async function () {
oldEnv = new EnvironmentSnapshot();
host = new URL(server.getHost()).host;
process.env.ALLOWED_WEBHOOK_DOMAINS = host;
process.env.ALLOWED_WEBHOOK_DOMAINS = '*';
await server.restart();
session = await gu.session().teamSite.login();
const api = session.createHomeApi();
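
Review bot: In the `before` hook, replacing `process.env.ALLOWED_WEBHOOK_DOMAINS = host;` with `'*'` means this suite no longer exercises the named-domain allow-list, so a regression in the restrictive path would go unnoticed here. Consider keeping the `host` setting for the existing cases and adding a separate case that sets `'*'`, plus a negative check that a domain not on the list is still rejected when the variable names a specific domain. The commit message says `*` accepts both `http` and `https`, so a case that registers an `http` URL under `*` would pin down that widening. If `host` has no remaining use after this change, the assignment on the line above can be dropped as well.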