Improve Otto configuration with separate secrets handling

[austinlparker]

Enhance Otto's configuration approach by:

1. Separating normal configuration from secret configuration for better security
2. Replacing GitHub PAT authentication with OIDC through GitHub App auth
3. Ensuring secure handling of webhook secrets and tokens

This will improve security posture and follow best practices for sensitive credential management.

Based on feedback from PR #3: #3 (comment)