
Reduce Github integration permissions #1117

Closed
2 tasks done
mchelen-gov opened this issue Aug 17, 2020 · 3 comments
Labels
notstale Stop the stale bot from processing

Comments

@mchelen-gov

  • I agree to follow the Code of Conduct that this project adheres to.
  • I have searched the issue tracker for a feature request that matches the one I want to file, without success.

Is your feature request related to a problem? Please describe.
When trying to load or save a file from GitHub, the diagrams.net app asks for a large number of permissions which are unnecessary.
[screenshot of the permissions prompt]

Describe the solution you'd like
Reduce diagrams.net GitHub app permission requests to only "Code".

Describe alternatives you've considered
Only allowing read/write to "public" repos would be a nice option if possible.

Additional context
All the other requested perms (issues, deploy keys, webhooks, etc.) do not seem to be used by the app in any way.

@davidjgraph
Collaborator

Can you explain exactly which scope you're suggesting - https://developer.github.com/apps/building-oauth-apps/understanding-scopes-for-oauth-apps/ ?

@mchelen-gov
Author

Can you explain exactly which scope you're suggesting - https://developer.github.com/apps/building-oauth-apps/understanding-scopes-for-oauth-apps/ ?

Hmm, interesting, it appears that the repo scope includes all these perms? It might be nice to have the option for a public_repo or gist-only scope; I know that doesn't cover all use cases, though.

I'm not sure why GitHub does not include any finer OAuth scopes, such as read/write code access without access to settings or collaboration invites, or even a read-only scope (jollygoodcode/jollygoodcode.github.io#6).

Similarly, it appears OAuth scopes cannot be applied on a per-repo basis. Maybe there is an alternate integration approach using deployment keys? https://stackoverflow.com/questions/26372417/github-oauth2-token-how-to-restrict-access-to-read-a-single-private-repo

It seems like another recommendation is to move from OAuth to GitHub Apps: isaacs/github#731 (comment)
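As an added example (not code from the thread or from diagrams.net), the following Python audits what an OAuth token was actually granted against the least-privilege set an integration needs. It assumes the scope names and the parent/child relationships from GitHub's OAuth scope documentation linked above (e.g. `repo` implying `public_repo`), and uses a constructed `X-OAuth-Scopes` header value rather than a live API response.

```python
# Added example: audit granted GitHub OAuth scopes against a minimal required set.
# GitHub reports a token's granted scopes in the X-OAuth-Scopes response header;
# the header value used below is a constructed sample, not a live response.
# Parent -> implied child scopes, taken from GitHub's OAuth scope docs (assumed
# current; verify against the documentation linked in the thread).
SCOPE_HIERARCHY = {
    "repo": {"repo:status", "repo_deployment", "public_repo", "repo:invite", "security_events"},
    "user": {"read:user", "user:email", "user:follow"},
    "admin:repo_hook": {"write:repo_hook"},
    "write:repo_hook": {"read:repo_hook"},
    "admin:org": {"write:org"},
    "write:org": {"read:org"},
    "admin:public_key": {"write:public_key"},
    "write:public_key": {"read:public_key"},
}


def parse_scopes(header_value):
    """Split a comma-separated X-OAuth-Scopes header into a set of scope names."""
    return {s.strip() for s in header_value.split(",") if s.strip()}


def expand(scopes):
    """Return the transitive closure of the given scopes under the hierarchy."""
    effective = set(scopes)
    pending = list(scopes)
    while pending:
        parent = pending.pop()
        for child in SCOPE_HIERARCHY.get(parent, ()):
            if child not in effective:
                effective.add(child)
                pending.append(child)
    return effective


def audit(granted_header, required):
    """Compare effective granted scopes with the effective scopes an app needs.

    'excess' is everything the token can do beyond its need (over-privilege);
    'missing' is anything required that the token cannot do.
    """
    effective = expand(parse_scopes(granted_header))
    needed = expand(required)
    return {"effective": effective, "excess": effective - needed, "missing": needed - effective}


if __name__ == "__main__":
    # Constructed sample: a token that was granted the coarse "repo" scope plus extras,
    # for an app that only needs to read and write public repositories.
    report = audit("repo, gist, user", {"public_repo"})
    print("excess scopes:", sorted(report["excess"]))
    print("missing scopes:", sorted(report["missing"]))
```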

@davidjgraph
Collaborator

Implementing as GitHub app #2284
