Fix slack webhook overriding

[gaspergrom]

Changes proposed ✍️

What

🤖 Generated by Copilot at a06842e

This pull request adds validation and protection for the slackWebHook field in the settings object. It prevents setting or saving invalid or malicious URLs that could compromise the Slack integration feature.
​

🤖 Generated by Copilot at a06842e

To send notifications to Slack
We need a valid webhook in the stack
But some URLs are bad
Or could make us look sad
So we check the slackWebHook and roll back

Why

How

🤖 Generated by Copilot at a06842e

• Validate and sanitize the slackWebHook field in the settings data to prevent errors or security issues when sending notifications to Slack (link, link, link, link)
• In settingsRepository.ts, check if the slackWebHook field starts with 'https://' and set it to undefined otherwise before saving it to the database (link)
• In settingsService.ts, initialize the slackWebHook field to undefined when creating a new settings object (link)
• In settingsService.ts, set the slackWebHook field to undefined when updating the settings object with the data from the request body or the environment variables (link, link)

Checklist ✅

• Label appropriately with Feature, Improvement, or Bug.
• Add screehshots to the PR description for relevant FE changes
• New backend functionality has been unit-tested.
• API documentation has been updated (if necessary) (see docs on API documentation).
• Quality standards are met.

[epipav]

lgtm 👍 Included one comment

[epipav]

Let's check this with
if ((typeof data.slackWebhook !== 'string') || (typeof data.slackWebhook === 'string' && !data.slackWebHook?.startsWith('https://'))
so that startsWith() doesn't throw an error when data.slackWebhook === true