Today to validate that a request to trigger an Azure DevOps pipeline came from Port, the webhook trigger needs to validate that the request includes an "X-Port-Signature" header whose contents are the webhook payload, signed in SHA-1 using the Port organization's client secret.

This means the blast radius could potentially be very large, as multiple ADO pipelines would be protected by the same set of credentials.

The request is to support setting a Port service account as the credential set used to sign the payload contents before inserting them into the "X-Port-Signature" header