There is no way right now to set custom headers on webhook requests.
Have you tried configuring a webhook URL containing a user/password? Running a quick test locally showed that the webhook request will be sent out with the correct Authorization: Basic xxxxx header