feat(sdk)!: drop verify_webhook_signature — AgentScore emits no webhooks

Mirrors the node-sdk drop. Removes the speculative HMAC-SHA256 webhook verifier:
- agentscore/webhooks.py — deleted
- tests/test_webhooks.py — deleted
- agentscore/__init__.py — exports removed
- README.md — webhook section scrubbed

Same rationale as the node side (commit will reference the node-sdk hash):
zero outbound webhook emitter in core/api, zero internal consumers, no API
endpoint signs anything. The only inbound-webhook handler is the Stripe
Identity flow in core/website (uses stripe SDK, not this lib).

When AgentScore ships outbound events later, the right move is the official
``standardwebhooks`` PyPI lib (Svix interop spec) rather than re-rolling.

Coverage stays at 98.16% (Tier A bar 95%).

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

Author: vvillait88

README.md

@@ -91,24 +91,6 @@ client.associate_wallet(
 )
 ```
 
-### Verify webhook signatures
-
-For merchants who receive HMAC-signed webhooks (Stripe-pattern `t=<unix>,v1=<hex>` header):
-
-```python
-from agentscore import verify_webhook_signature
-
-result = verify_webhook_signature(
-    payload=raw_request_body,            # raw bytes — capture before any JSON parse
-    signature_header=request.headers.get("X-AgentScore-Signature", ""),
-    secret=os.environ["AGENTSCORE_WEBHOOK_SECRET"],
-)
-if not result.valid:
-    return {"error": result.reason}, 400
-```
-
-`reason` distinguishes transient (`timestamp_too_old`, `timestamp_in_future`) from permanent (`signature_mismatch`, `no_signatures`, `malformed_header`) failures. Default tolerance 300s; pass `tolerance_seconds=0` to skip timestamp checking. Uses `hmac.compare_digest` for constant-time comparison.
-
 ### Async
 
 All methods have async variants prefixed with `a`:

agentscore/__init__.py

@@ -31,7 +31,6 @@
     WalletAuthRequiresSigningBody,
     WalletSignerMismatchBody,
 )
-from agentscore.webhooks import VerifyWebhookSignatureResult, verify_webhook_signature
 
 __version__ = _pkg_version("agentscore-py")
 
@@ -63,10 +62,8 @@
     "SessionCreateResponse",
     "SessionPollResponse",
     "VerificationLevel",
-    "VerifyWebhookSignatureResult",
     "WalletAuthRequiresSigningBody",
     "WalletSignerMismatchBody",
     "__version__",
     "is_agentscore_test_address",
-    "verify_webhook_signature",
 ]