When using web hook with credentials secured web resource, one needs to
put the credentials in the hook URL.

If the credentials contain special symbols (e.g. @ or #), it should be
URL-quoted (e.g. %40 instead of @).

But when Gitlab is making a request, it should unquote the symbols
before base64-encoding them.