Events in webhooks need to be fetched from the Stripe API

[joshsmith]

Problem

We need to fetch events received by webhooks from the API before processing them in order to avoid possible replay attacks.

The only data that we should be capturing is the id_from_stripe, the type, and a user_id if it has it.

The id_from_stripe, along with the user_id (the Stripe Connect account's ID), should then be used to retrieve the Event from the API and proceed with any processing.

When using Connect, you can also receive notifications of events that occur in connected accounts. For these events, there will be an additional user_id attribute in the received Event object.

Since we're making this change, we might as well fold in some other changes.

Subtasks

• Add user_id to StripeEvent (can be null)
• Add endpoint to StripeEvent (platform or connect, not null, no default)
• Attempt to insert the id_from_stripe, type, user_id, endpoint, and a status of processing into the database immediately, then kick off the async process and respond to Stripe, otherwise: do nothing
• Fetch Event from Stripe's API before processing – do not pass any attributes collected from webhook, simply use the id_from_stripe and user_id (if needed) to fetch from Stripe

[joshsmith]

This relies on us doing this first beam-community/stripity-stripe#157