GitHubOAuthenticator: check org_whitelist using check-membership api

[xuwaters]

Implement org_whitelist check using GitHub api check-membership
#226

[manics]

Unfortunately I haven't got time to test this at the moment. As mentioned in #226 (comment) the rules for getting the existing org authentication to work was complicated and took a lot of investigation with regards to public/private membership, different authenticator scopes, and permissions on the GitHub org. Could you outline what configs you have or haven't tested?

[minrk]

I was able to test this and it worked even better than I thought. In requesting read:org access I specifically elected not to grant read-access to the orgs that require such opt-ins to see how that would fail. I was able to still login based on my membership in those organizations, even though I hadn't granted jupyterhub read-access to those orgs, so I couldn't see the full user list. So even without granting read access to the org membership list, you can check the authorized user's membership in the organization.

I went ahead and added some debug-logging to the process, which helped me verify that this is working.