Support ghe.com tenant headers in GitHub Enterprise webhook routing

[sentry-junior]

Current behavior

GithubEnterpriseRequestParser._get_external_id resolves the integration host via get_host(), which reads only the X-GitHub-Enterprise-Host header (webhook.py, parsers/github_enterprise.py).

Gap

GitHub Enterprise Cloud with data residency (*.ghe.com) does not send X-GitHub-Enterprise-Host. It sends:

• X-GitHub-Tenant
• X-GitHub-Tenant-Id
• X-GitHub-Hook-Installation-Target-Id

Because get_host() returns None for these requests, get_integration_from_request() cannot match an integration, and all inbound webhooks (GitHub → Sentry) return an empty 400 before signature validation is ever reached. Outbound (Sentry → GitHub) is unaffected.

Options

• A — Header fallback in get_host(): Check X-GitHub-Tenant (and construct the host as <tenant>.ghe.com) when X-GitHub-Enterprise-Host is absent. Low risk, minimal scope.
• B — Tenant-ID-based lookup via X-GitHub-Hook-Installation-Target-Id: Bypass host-based routing entirely for *.ghe.com and resolve the integration from the installation/hook target ID. More robust but requires schema-level changes.

Option A is the least invasive path; Option B is the more durable fix if ghe.com header shapes continue diverging from GHES.

Action taken on behalf of Styliani Paspala.

[linear-code]

ENG-7365

[getsantry]

Routing to @getsentry/product-owners-settings-integrations for triage ⏲️