Reduce breadth of auth scope if GitHub ever makes it possible

[retroplasma]

It wants write-access to public repos and can read deploy keys etc:

[ches]

@waf can comment on this, but in short if GitHub had more granular scopes for us to get the privileges we need and not excessive ones we don't, we would use them. It's been a very common complaint of many developers of GitHub integrations, I believe there are link references somewhere in the history of this project's issues to pleas on GitHub's public channels.

It's possible the situation has changed since we last looked into this, if so information to the contrary is welcome, and as always, pull requests.

[waf]

@ches has summed it up nicely. See https://github.com/dear-github/dear-github/issues/113 for a good summary of the issue. I would really like to have more narrow scopes; if you know of a better way I'd be happy to use it.

The only consolation is that the app is open source and runs on GitHub pages, so you can be (reasonably) certain of what the app is doing.