Until now, we've only supported classic Personal Access Tokens for

authenticating with GitHub. While these aren't going away (yet), we

really ought to support the newer fine-grained tokens.
This change adds support for those. This is mostly handled through

documentation and validation--our existing validator needed to be

updated because access with a fine-grained PAT does not return the

x-oauth-scopes header. We therefore attempt to access an endpoint inside

check_repository which requires the necessary permissions in order to

detect this prior to actual usage.
While in here, I realized that the scopes we ask for on classic PATs are

excessive. We were asking for "user", "repo", and "admin:repo_hook".

While we do access the /user/ API endpoint, this doesn't actually

require the user scope for read. We also don't automatically create

webhooks, we only show some instructions, so the repo_hook scope was

never necessary either.

Added a fine-grained PAT with the necessary permissions and verified

  that GitHub functionality worked as expected.
Verified that a classic PAT still worked as expected.
Ran unit tests.
Built the manual and checked the changed pages.
Tested the remote-repositories API endpoint with both classic PATs

  (with only the "repo" scope) and fine-grained PATs (with the

  "Metadata" and "Contents" permissions)