
#8121: fix(gateway): remove query parameter token support for hooks

by yubrew · open · 2026-02-03 16:24
Labels: gateway, stale
## Summary

Remove support for hook authentication tokens in URL query parameters to prevent credential leakage (CWE-598).

## The Problem

The hook endpoint accepted authentication tokens via URL query parameters (`?token=...`). Tokens in URLs leak through multiple vectors:

- Server access logs
- Browser history
- HTTP Referer headers when linking to external sites
- Reverse proxy logs (nginx, cloudflare, etc.)
- CDN logs
- Monitoring and debugging tools

While a deprecation warning was logged, the feature remained functional.

## Changes

- `src/gateway/hooks.ts`: Removed query parameter token extraction from `extractHookToken()`
- `src/gateway/server-http.ts`: Removed the deprecation warning (now dead code)
- `src/gateway/hooks.test.ts`: Updated test to verify query tokens are rejected

## Test Plan

- [x] `pnpm build && pnpm test` passes
- [x] Test `extractHookToken prefers bearer > header, rejects query params` validates fix
- [x] Gateway tests pass (208 tests)

Hook authentication now only accepts tokens via:

- `Authorization: Bearer <token>` header
- `X-OpenClaw-Token` header

## Related

- [CWE-598: Use of GET Request Method with Sensitive Query Strings](https://cwe.mitre.org/data/definitions/598.html)

---

Internal reference: VULN-007

This PR was generated with the following prompt:

> Remove query parameter token support from hook authentication to prevent credential leakage (CWE-598)

🤖 Discovered by [bitsec.ai](https://bitsec.ai)

<h2>Greptile Overview</h2>

<h3>Greptile Summary</h3>

This PR removes hook authentication via `token` URL query parameters and updates the gateway handler/tests accordingly, leaving hook auth to `Authorization: Bearer …` or `X-OpenClaw-Token` headers only. This reduces credential leakage via URL logging/referrers and simplifies the hook request handler by removing the now-dead deprecation warning branch.

<h3>Confidence Score: 4/5</h3>

- This PR is safe to merge with low risk; it's a targeted security hardening change with aligned tests.
- Diff is small and behavior change is intentional (rejecting query tokens). Unit test updates cover the main auth precedence and the removal of query-param acceptance; no other callers of `extractHookToken` exist beyond the gateway handler and tests.
- src/gateway/hooks.ts (API shape: `fromQuery` now constant false)
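As an added example, not code from the OpenClaw project or from this PR: a TypeScript sketch of the header-only precedence the PR's test name describes (`bearer > header, rejects query params`), together with two defender-side helpers for spotting and redacting legacy `?token=` requests before they reach a log line. The `HookRequestLike`/`HookTokenResult` shapes, the `fromQuery: false` literal, and the helper names `hasLegacyQueryToken` and `redactQueryToken` are assumptions; only the two header names and the precedence order come from the PR text.

```typescript
// Added example (not OpenClaw project code). Request/return shapes and helper
// names are assumptions; header names and precedence come from the PR.

interface HookRequestLike {
  url: string; // request path plus query string, e.g. "/hooks/wake?token=..."
  headers: Record<string, string | undefined>;
}

interface HookTokenResult {
  token: string | null;
  source: "bearer" | "header" | null;
  // Literal false: the query string is never a token source any more.
  fromQuery: false;
}

// Case-insensitive header lookup (Node lower-cases header names; raw test
// fixtures may not).
function headerValue(headers: HookRequestLike["headers"], name: string): string | undefined {
  const want = name.toLowerCase();
  for (const [key, value] of Object.entries(headers)) {
    if (key.toLowerCase() === want) return value;
  }
  return undefined;
}

// Bearer header wins, then X-OpenClaw-Token; ?token= is deliberately ignored.
function extractHookToken(req: HookRequestLike): HookTokenResult {
  const auth = headerValue(req.headers, "authorization");
  if (auth) {
    const match = /^Bearer\s+(\S+)$/i.exec(auth.trim());
    if (match) return { token: match[1], source: "bearer", fromQuery: false };
  }
  const custom = headerValue(req.headers, "x-openclaw-token")?.trim();
  if (custom) return { token: custom, source: "header", fromQuery: false };
  return { token: null, source: null, fromQuery: false };
}

// True when a request still carries a legacy ?token= parameter: that client
// has not migrated, and its token has already reached the access log.
function hasLegacyQueryToken(url: string): boolean {
  const q = url.indexOf("?");
  return q >= 0 && new URLSearchParams(url.slice(q + 1)).has("token");
}

// Log-safe form of the URL: path and other parameters are kept, the token
// value is replaced so the secret itself is never written out.
function redactQueryToken(url: string): string {
  const q = url.indexOf("?");
  if (q < 0) return url;
  const params = new URLSearchParams(url.slice(q + 1));
  if (!params.has("token")) return url;
  params.set("token", "REDACTED");
  return `${url.slice(0, q)}?${params.toString()}`;
}

// Constructed sample requests (not real traffic).
const bearerAndHeader: HookRequestLike = {
  url: "/hooks/wake?token=legacy-query-secret",
  headers: { Authorization: "Bearer bearer-secret-1", "X-OpenClaw-Token": "custom-secret-2" },
};
const customHeaderOnly: HookRequestLike = {
  url: "/hooks/wake",
  headers: { "x-openclaw-token": "custom-secret-2" },
};
const queryOnly: HookRequestLike = {
  url: "/hooks/wake?token=legacy-query-secret&agent=main",
  headers: {},
};

for (const req of [bearerAndHeader, customHeaderOnly, queryOnly]) {
  const result = extractHookToken(req);
  const flag = hasLegacyQueryToken(req.url) ? " [legacy ?token= present]" : "";
  console.log(`${redactQueryToken(req.url)} -> source=${result.source}${flag}`);
}
```

The third sample is the interesting one for operations: after this change it is rejected (no token source), but the `?token=` value has still travelled through every proxy and log on the path, so flagging such requests and redacting the URL before logging is what lets a team find and rotate the affected credentials.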
