Summary

You can now send notifications with a payload ! Payload is encrypted with the user public key and user authentication secret that you can get with the Web Push API (subscription.getKey('p256dh') and subscription.getKey('auth')). You should have every instructions you need in the README.
For the moment, encryption is made through Spomky-Labs/php-aes-gcm. An improved version of the openssl_encrypt function of the native PHP binding of OpenSSL should be available in PHP7.1 and this library will use it when it is available.
Payload will be correctly decrypted by Chrome 50+ and Firefox 46+.

Upgrade notes

• [BC break] new API of sendNotification(string $endpoint, string $payload, string $userPublicKey, string $userAuthSecret, bool $flush) in order to take into account the user auth secret. (notice the $flush parameter being shifted to the right)
• Automatic padding of the payload can be disabled to save bandwidth with $webPush->setAutomaticPadding(false). Note that it's not recommended for security reasons.
• [fix] When there was multiple notifications in the queue and when you would send another notification with the intent to flush the queue, if there was an error with any of the notification, the function would return only the first result.