Consider switching to GitHub’s Fine-grained personal access tokens

[anthonyfok]

See https://github.blog/2022-10-18-introducing-fine-grained-personal-access-tokens-for-github/

If we do decide to go ahead with this, here are the suggested tasks:

• Enroll the OpenDRR (GitHub) organization to Fine-grained personal access tokens. See https://github.com/organizations/OpenDRR/settings/personal-access-tokens-onboarding
• (Optional) Add GitHub PAT verification with regex patterns, e.g. those listed in Peter Mescalchin's Gist at https://gist.github.com/magnetikonline/073afe7909ffdd6f10ef06a00bc3bc88
  • Personal access tokens (classic): ^ghp_[a-zA-Z0-9]{36}$ (40 characters in length, with a prefix of ghp_)
  • Fine-grained personal access tokens: ^github_pat_[a-zA-Z0-9]{22}_[a-zA-Z0-9]{59}$ (93 characters in length, with a prefix of github_pat_)
• (Optional) Disallow "classic" personal access tokens
• Update documentation