fix: normalize webhook secret via schema validator instead of inline

Move blank/whitespace-only secret normalization to a shared
field_validator on both BoardWebhookCreate and BoardWebhookUpdate.
This ensures consistent behavior across create and update paths
and removes the inline normalization from the endpoint handlers.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

backend/app/api/board_webhooks.py

@@ -359,7 +359,7 @@ async def create_board_webhook(
         agent_id=payload.agent_id,
         description=payload.description,
         enabled=payload.enabled,
-        secret=payload.secret or None,
+        secret=payload.secret,
     )
     await crud.save(session, webhook)
     return _to_webhook_read(webhook)
@@ -394,8 +394,6 @@ async def update_board_webhook(
         webhook_id=webhook_id,
     )
     updates = payload.model_dump(exclude_unset=True)
-    if "secret" in updates:
-        updates["secret"] = updates["secret"] or None
     if updates:
         await _validate_agent_id(
             session=session,