People can create ad hoc GitHub Apps (which is basically like an identity / service principal) and then add an action to fetch a token for that given app in the pipeline.
This will avoid having to create and store PATs and at the same time it will not bind the pipelines to one person.
Creating a GitHub App and adding the step in the pipeline to retrieve the token requires literally just minutes.
As mentioned by @danielealbano on LinkedIn:
More details.
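
A sketch of the pipeline step described above, as an added example that is not part of the original post. It uses the `actions/create-github-app-token` action; the workflow name, the `CI_APP_ID` variable, the `CI_APP_PRIVATE_KEY` secret, and the `example-org/shared-config` repository are hypothetical placeholders.

```yaml
# Added example: hypothetical workflow; org, repo, variable and secret names are placeholders.
name: sync-shared-config
on:
  workflow_dispatch:

# Keep the built-in GITHUB_TOKEN minimal; cross-repo access comes from the app token.
permissions:
  contents: read

jobs:
  sync:
    runs-on: ubuntu-latest
    steps:
      # Exchange the app's private key for an installation token scoped to one repository.
      - name: Fetch a token for the GitHub App
        id: app-token
        uses: actions/create-github-app-token@v1
        with:
          app-id: ${{ vars.CI_APP_ID }}                  # assumed repository/organization variable
          private-key: ${{ secrets.CI_APP_PRIVATE_KEY }} # assumed secret holding the app's PEM key
          owner: example-org                             # placeholder organization
          repositories: shared-config                    # limit the token to this repository

      # Use the app token where a PAT would otherwise be needed.
      - name: Check out the other repository as the app
        uses: actions/checkout@v4
        with:
          repository: example-org/shared-config
          token: ${{ steps.app-token.outputs.token }}
          persist-credentials: false                     # do not leave the token in .git/config
```

The installation token expires after one hour, so the app's private key is the only long-lived credential to protect; grant the app only the repository permissions the job needs.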