Split GitHub Perms

[dcramer]

This is a little bit hitting undo on what we did previously, but lets find a good pattern to split permissions.

We'd like three things:

1. "Login via GitHub", which requires no repo permissions (user:email,read:org)
2. "Allow public repos" (public_repo)
3. "Allow private repos" (repo)

The problem we had before was reauthorizing GitHub seemed to clear the previous scopes we had requested. There must be a way to avoid that, otherwise we'll have to reauthenticate each time a user wants to add a new repo.