Closed mlomena closed 3 years ago
I think this should be under a GitHub provider. The auditree fetchers/checks are verifying the correct configuration of the tool, which this isn’t really related to.
@drsm79 I understand the logic behind your comment about this going under a GitHub provider folder and if this were just a fetcher thing then I think it could make sense. However, I think that any checks written against this sort of evidence could possibly be applied to Bitbucket and GitLab repo hosting services too. Ideally this would go under some provider and within that provider we'd have fetchers in github, bitbucket, and gitlab subfolders and checks in their checks folder. I figured that since the auditree provider is already structured that way for repo integrity f/c's we could continue to put things in there. But I see your point. I suppose we could come up with another generic "provider" to put this under and then follow the same pattern as we have for repo integrity. What do you think about repo_host_service or repo_host or rhs as the provider?
@mlomena is there a check in the works?
re: fetcher location - I've added a "permissions" vendor in PR #39 and this github fetcher should live under there. Can you move all of the content in this PR to the appropriate sub-folders under the "permissions" vendor?
The "auditree" vendor will stay as is. The fetcher in this PR should go under the "permissions" vendor under "fetchers" and the "github" technology. So following the pattern in the auditree vendor structure: arboretum/permissions/fetchers/github.
I believe we're waiting on unit tests for the evidence code: See: https://github.com/ComplianceAsCode/auditree-arboretum/pull/38#pullrequestreview-521848231 - specifically:
... Also, for your evidence we would need unit tests included as well.
@alfinkel Sorry for the long delay. I am now back from a long absence.
I have moved the stuff in this PR to permissions and have added unit tests.
Can you squash commits down to one signed commit?
What
Adds fetcher to retrieve collaborators of repositories in a GitHub organization
Why
Provide the business justification for the work included in the pull request.
How
fetch_org_collaborators.py, gh_org_collaborators.py, devel.json, and README.md
Context