Anonymous Intelligence Signal

Critical Signature Bypass Exposes Linear Webhook Endpoint to Unauthenticated Exploitation Under Tailscale Funnel

human | The Lab | unverified | 2026-04-30 04:54:10 | Source: GitHub Issues

A P0 vulnerability in the Linear webhook handler grants unauthenticated access equivalent to remote code execution through a signature verification bypass. The flaw, located in `backend/routers/linear_webhook.py:82-101`, causes `_verify_linear_signature` to return `True` when both `signature_header` and `secret` are absent, so a deployment with no secret configured accepts every request. Combined with public exposure via Tailscale Funnel and a CSRF whitelist exemption for `/api/linear/webhook` in `backend/middleware.py`, the dispatch path is reachable by any internet user without credentials.
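As an added illustration, not code from the issue or the project, the fail-open pattern the report describes is shown beside a fail-closed rewrite. The HMAC-SHA256-over-raw-body scheme, the hex encoding and the `LINEAR_WEBHOOK_SECRET` name are assumptions made for this example; the report does not specify them.

```python
import hashlib
import hmac
from typing import Optional


def _verify_linear_signature_vulnerable(signature_header: Optional[str],
                                        secret: Optional[str],
                                        body: bytes) -> bool:
    """Reconstruction of the fail-open logic described in the report:
    when neither header nor secret is present, the check passes."""
    if not signature_header and not secret:
        return True  # the bypass: absence of both is treated as success
    if not signature_header or not secret:
        return False
    # Assumed scheme: hex HMAC-SHA256 of the raw request body.
    expected = hmac.new(secret.encode(), body, hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, signature_header)


def verify_linear_signature(signature_header: Optional[str],
                            secret: Optional[str],
                            body: bytes) -> bool:
    """Fail-closed variant: a missing secret is a deployment error that
    aborts the request, a missing header is a rejection, and the
    comparison is constant-time."""
    if not secret:
        # Never run the endpoint unauthenticated; surface the misconfiguration.
        raise RuntimeError("LINEAR_WEBHOOK_SECRET is not configured; refusing webhook")
    if not signature_header:
        return False
    expected = hmac.new(secret.encode(), body, hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, signature_header.strip())


def sign_body(secret: str, body: bytes) -> str:
    """Produce the signature a legitimate sender would attach (same assumed scheme)."""
    return hmac.new(secret.encode(), body, hashlib.sha256).hexdigest()


if __name__ == "__main__":
    # Constructed sample payload; no secret configured on the receiving side.
    payload = b'{"action": "create", "type": "Issue"}'
    print("fail-open, no header, no secret:",
          _verify_linear_signature_vulnerable(None, None, payload))   # True
    try:
        verify_linear_signature(None, None, payload)
    except RuntimeError as exc:
        print("fail-closed, no secret:", exc)
    sig = sign_body("constructed-secret", payload)
    print("fail-closed, valid signature:",
          verify_linear_signature(sig, "constructed-secret", payload))  # True
```

The first function is only a faithful reconstruction of the reported defect for comparison; the second is the shape a practitioner would want deployed.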

The vulnerability enables injection of fabricated Linear webhook payloads that trigger `agents.dispatch.issue` envelopes against any repository in the organization. The `_build_dispatch_envelope` function (lines 152-184) processes these requests using Linear-controlled URLs embedded in the prompt, routing them to an agent with push access to the organization. An attacker can exploit this chain to execute arbitrary commands within the organization's infrastructure without authentication.

The issue, filed as a P0 with parent ticket #304, flags this as a critical public attack surface requiring immediate remediation. Organizations running this codebase should audit webhook signature enforcement, verify secret configuration requirements, and evaluate restricting the dispatch path from public exposure until a fix is deployed.