Revoke a webhook signing key

Revokes a webhook signing key for an enterprise. This is a soft delete — the key row is preserved for audit purposes but marked as REVOKED.

Revoked keys cannot be used for webhook signature verification. Revocation is irreversible — a new key must be registered to restore access.

Key ID tombstoning: Once a keyId is revoked, it is permanently tombstoned for this enterprise. Attempting to register a new key under the same keyId returns a 400 error, even after revocation. This is an intentional security design that prevents key-reuse attacks. Choose a stable, unique keyId from the start (e.g. use a version suffix such as my-key-v2) so that key rotation does not require updating secrets or configuration files that reference the keyId.

Authorization: Caller must be an admin of the specified enterprise.
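
The revocation and tombstoning rules above, modelled in memory as an added example (not the service's own code or API client). Assumptions: the class and function names are hypothetical, HMAC-SHA256 stands in for the signature scheme the page does not specify, and a duplicate active keyId is treated the same as a tombstoned one.

```python
import hashlib
import hmac
import re


class BadRequest(Exception):
    status = 400  # models the API's 400 response


class EnterpriseKeys:
    """In-memory model of one enterprise's webhook signing keys."""

    def __init__(self):
        self.rows = {}  # keyId -> {"secret", "status"}; rows are never deleted

    def register(self, key_id, secret):
        if key_id in self.rows:  # active or tombstoned (REVOKED) keyId
            raise BadRequest(f"keyId {key_id!r} is already used or tombstoned")
        self.rows[key_id] = {"secret": secret, "status": "ACTIVE"}

    def revoke(self, key_id):
        self.rows[key_id]["status"] = "REVOKED"  # soft delete, irreversible

    def verify(self, key_id, payload, signature):
        row = self.rows.get(key_id)
        if row is None or row["status"] != "ACTIVE":
            return False  # revoked keys never verify
        expected = hmac.new(row["secret"], payload, hashlib.sha256).hexdigest()
        return hmac.compare_digest(expected, signature)


def next_key_id(key_id):
    """Bump a trailing -vN suffix (my-key-v2 -> my-key-v3); else append -v2."""
    m = re.fullmatch(r"(.+)-v(\d+)", key_id)
    return f"{m.group(1)}-v{int(m.group(2)) + 1}" if m else f"{key_id}-v2"


def rotate(keys, old_key_id, new_secret):
    """Register the successor under a fresh keyId, then revoke the old key."""
    new_key_id = next_key_id(old_key_id)
    keys.register(new_key_id, new_secret)
    keys.revoke(old_key_id)
    return new_key_id
```

Registering the successor before revoking the old key means there is no window in which the enterprise has no usable signing key.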

Path Params

string, required
The enterprise ID.

string, required
The customer-provided key identifier.

Headers

string, required
OTP code for verification. Required for webhook key management operations.

Responses
