fix(slack): replace deprecated @slack/events-api with native crypto validation #4313

Open
angelcaamal wants to merge 4 commits into main from fix/remove-deprecated-slack-api

@angelcaamal angelcaamal commented May 11, 2026

Description

This PR refactors the Slack function sample to remove the deprecated @slack/events-api library. The request validation has been rewritten to use manual signature verification with the native Node.js crypto module.

Additionally, the test suite has been updated to reflect these changes and ensure stability in the CI pipeline.

Fixes Internal: b/414440396

Note: Before submitting a pull request, please open an issue for discussion if you are not associated with Google.

Checklist

  • I have followed guidelines from CONTRIBUTING.MD and Samples Style Guide
  • Tests pass: npm test (see Testing)
  • Lint pass: npm run lint (see Style)
  • Required CI tests pass (see CI testing)
  • These samples need a new API enabled in testing projects to pass (let us know which ones)
  • These samples need a new/updated env vars in testing projects set to pass (let us know which ones)
  • This pull request is from a branch created directly off of GoogleCloudPlatform/nodejs-docs-samples. Not a fork.
  • This sample adds a new sample directory, and I updated the CODEOWNERS file with the codeowners for this sample
  • This sample adds a new sample directory, and I created GitHub Actions workflow for this sample
  • This sample adds a new Product API, and I updated the Blunderbuss issue/PR auto-assigner with the codeowners for this sample
  • Please merge this PR for me once it is approved

Note: Any check with (dev), (experimental), or (legacy) can be ignored and should not block your PR from merging (see CI testing).

@angelcaamal angelcaamal added api: cloudfunctions Issues related to the Cloud Run functions API. samples Issues that are directly related to samples. labels May 11, 2026

@gemini-code-assist gemini-code-assist Bot left a comment

Code Review

This pull request replaces the @slack/events-api dependency with a manual implementation of Slack webhook signature verification using the Node.js crypto module. The changes include a new verifyWebhook function and updated integration and unit tests to support the manual signing process. Feedback was provided to enhance security by implementing replay attack protection via timestamp verification, adding explicit checks for the signing secret, and optimizing the HMAC calculation process.
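
The verification scheme this PR reimplements, together with the replay window and missing-secret check raised in the review, as an added example (not the PR's code or Slack's library). It assumes Slack's documented `v0:{timestamp}:{body}` base string and `v0=` hex HMAC-SHA256 signature; the name `verifySlackRequest`, the window constant and the sample request are constructed for illustration.

```javascript
'use strict';
const crypto = require('node:crypto');

const MAX_SKEW_SECONDS = 5 * 60; // replay window; Slack's docs suggest five minutes

// Returns {ok, reason}. `rawBody` must be the exact body Slack sent, not re-serialized JSON.
function verifySlackRequest({secret, timestamp, signature, rawBody, nowSeconds}) {
  // Fail closed when the secret is missing rather than signing with a default.
  if (!secret) throw new Error('SLACK_SECRET env var is not set');
  if (typeof signature !== 'string' || !/^\d+$/.test(String(timestamp))) {
    return {ok: false, reason: 'missing-or-malformed-headers'};
  }
  // Reject stale (or far-future) timestamps before doing any HMAC work.
  const now = nowSeconds ?? Math.floor(Date.now() / 1000);
  if (Math.abs(now - Number(timestamp)) > MAX_SKEW_SECONDS) {
    return {ok: false, reason: 'stale-timestamp'};
  }
  const expected = 'v0=' + crypto.createHmac('sha256', secret)
    .update(`v0:${timestamp}:${rawBody}`)
    .digest('hex');
  const a = Buffer.from(expected);
  const b = Buffer.from(signature);
  // timingSafeEqual throws on unequal lengths, so compare lengths first.
  if (a.length !== b.length || !crypto.timingSafeEqual(a, b)) {
    return {ok: false, reason: 'bad-signature'};
  }
  return {ok: true, reason: 'verified'};
}

// Constructed sample request (not captured traffic); the secret is a placeholder.
function demo() {
  const secret = 'constructed-signing-secret';
  const rawBody = 'token=x&text=giraffe';
  const ts = '1700000000';
  const sig = 'v0=' + crypto.createHmac('sha256', secret)
    .update(`v0:${ts}:${rawBody}`).digest('hex');
  const base = {secret, timestamp: ts, signature: sig, rawBody};
  return {
    fresh: verifySlackRequest({...base, nowSeconds: 1700000010}),
    replayed: verifySlackRequest({...base, nowSeconds: 1700000000 + 3600}),
    tampered: verifySlackRequest({...base, rawBody: rawBody + '&x=1', nowSeconds: 1700000010}),
  };
}

console.log(demo());
```

The same valid signature is accepted ten seconds after it was issued and rejected an hour later, which is the replay case the timestamp check exists for.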

Comment thread functions/slack/index.js
@angelcaamal angelcaamal marked this pull request as ready for review May 12, 2026 18:54
@angelcaamal angelcaamal requested review from a team as code owners May 12, 2026 18:54
const {SLACK_SECRET} = process.env;
const SLACK_TIMESTAMP = Date.now();
process.env.SLACK_SECRET = process.env.SLACK_SECRET || 'test-slack-secret';
const SLACK_SECRET = process.env.SLACK_SECRET;

Please do not change the values of global states like env variables, since it's not generally a good habit in practice. Just pull the value directly in your code's const where you can use the ternary operator. However, it is also good practice to raise an exception when an environment variable is not set, as it is a good practice to avoid obfuscating errors in real life.

Suggested change
const SLACK_SECRET = process.env.SLACK_SECRET;
if (process.env.SLACK_SECRET is not undefined){
const SLACK_SECRET = process.env.SLACK_SECRET;
}
else:
raise("Error, SLACK_SECRET env var is not set.")
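
Review bot: The suggested replacement will not parse as JavaScript: `is not undefined`, `else:` and `raise(...)` are not valid syntax, and a `const SLACK_SECRET` declared inside the `if` block is scoped to that block, so the rest of the file would not see it. Declare the constant once at top level and throw when it is missing, for example `const SLACK_SECRET = process.env.SLACK_SECRET;` followed by `if (!SLACK_SECRET) throw new Error('SLACK_SECRET env var is not set.');`.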

P.S.: pardon my Node.js syntax, it might not be accurate.

const SLACK_TOKEN = 'slack-token';
const KG_API_KEY = 'kg-api-key';
process.env.SLACK_SECRET = process.env.SLACK_SECRET || 'slack-token';
process.env.KG_API_KEY = process.env.KG_API_KEY || 'test-kg-api-key';
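
Review bot: The fallback on the `process.env.SLACK_SECRET` line is 'slack-token', which differs from the 'test-slack-secret' default shown earlier in this PR and matches the value of the `SLACK_TOKEN` constant above it, so it is unclear whether the string stands for a verification token or a signing secret. The `KG_API_KEY` fallback ('test-kg-api-key') likewise disagrees with the 'kg-api-key' constant shown above it. Use one fixture value per secret, keep it in a local constant that the test passes explicitly when signing, and fail the run when the variable is unset instead of writing a default into `process.env`.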

Same as above: do not change var envs, raise exception on being unset.
