Github token permissions

[ralight]

The documentation currently suggests creating a github token with permissions to everything, including delete_repo and admin:write:org. This isn't great, could you please find out what is actually necessary and update the docs?

[ralight]

repo:public_repo seems to be enough for public repositories - but my test is from getting updated data with a setup that was originally configured using a token with much greater access.

[stuartlangridge]

microsoft/ghcrawler#97 is the upstream ghcrawler issue for this, although obviously they don't know exactly what's being fetched, and we do for Measure, so we should be able to work it out.

[stuartlangridge]

We probably also need read:user and user:email for contributor information.

[grooverdan]

read:org is probably needed for teams, collaborators. There's also an events but don't know yet what that requires.

Seems X-Accepted-OAuth-Scopes response header described in https://developer.github.com/apps/building-oauth-apps/understanding-scopes-for-oauth-apps/ could be used to narrow down the requirement.