feat(hook): add AllowInsecure option for TLS verification

* Introduced AllowInsecure field in Hook configuration to skip TLS certificate verification.
* Updated database schema and models to support the new field.
* Modified HTTP client behavior based on AllowInsecure setting.

pkg/hooks/manager.go

@@ -3,6 +3,7 @@ package hooks
 import (
 	"bytes"
 	"context"
+	"crypto/tls"
 	"encoding/json"
 	"fmt"
 	"io"
@@ -335,6 +336,18 @@ func (m *Manager) sendToHook(ctx context.Context, hook config.Hook, payload inte
 		eventCtx = context.Background()
 	}
 
+	// Select the appropriate HTTP client. If the hook allows insecure TLS, use a
+	// dedicated client that skips certificate verification; otherwise use the shared client.
+	httpClient := m.client
+	if hook.AllowInsecure {
+		httpClient = &http.Client{
+			Timeout: 30 * time.Second,
+			Transport: &http.Transport{
+				TLSClientConfig: &tls.Config{InsecureSkipVerify: true}, //nolint:gosec // intentional: user opted in via AllowInsecure
+			},
+		}
+	}
+
 	// Publish hook triggered event
 	m.eventBus.Publish(events.HookTriggeredEvent(eventCtx, hook.ID, hook.Name, hook.URL, payload))
 
@@ -391,7 +404,7 @@ func (m *Manager) sendToHook(ctx context.Context, hook config.Hook, payload inte
 
 	logging.Debug("Sending to hook", "hook_id", hook.ID, "url", hook.URL)
 
-	resp, err := m.client.Do(req)
+	resp, err := httpClient.Do(req)
 	if err != nil {
 		logging.Error("Failed to send to hook", "hook_id", hook.ID, "error", err)
 		m.eventBus.Publish(events.HookFailedEvent(eventCtx, hook.ID, hook.Name, err))