Thank you so much for the detailed post. Please note that only the master API token can be used for authenticating x-sendbird-signature.
Other than that, your code looks okay. I did find that your sample decodes as expected in a node.js environment but not in Python3. I will ask our engineers to take a look.
