[PLUGIN] Beta: GitHub Token security

[Mara-Li]

Hello!
The discussion (& the issue) in #160 / #157 I choosen to change the way the github token is stored. Before that, the token was copied in your data.json in raw, so it was a big breach when uploading/sharing your settings.

So, how it works, now ?

I rely on the subtleCrypto Web API, directly accessible without node. The plugin will generate in another file the public & private key, and generate a crypted key that will be stored in the settings.

The key are stored in a JSON file (keyPair.json) in the plugin folder, so it will be sync without any problem.

Warning
NEVER SHARE THIS FILE WITH ANYONE.

The button "regenerate" allow you to regenerate the key and the encrypted token, in case of a problem.

[Mara-Li]

Okay, so CryptoSubtle doesn't work the way I want. For example, each GitHub Sync provoke another keyPair, so it broke a loooooot the things.

In another way, I just choose to move the raw token in another file, and delete it from the settings. So, when you share your data.json, the token won't be there.

TBH, it doesn't change the things a lot, but I needed to edit the data.json and update the migration to validate the deletion. Normally, everything will be as smooth as possible.

So, if you applied the update, you need to retake your old github token, and set it as before. The new file will be generated like an environment file, in the plugin folder, named env, in the form of "GITHUB_TOKEN=token".

Warning
Never share this file!

Also, you can safely delete the keyPair.json file!