Netlify-cms: GitHub Backend o-auth permissions set too widely

I suppose making this configurable would be fine, just might require some error handling around attempts to access restricted repos.

Proposing:

1. Keep the current default, it's important that this "just works"
2. Accept an auth_scope property under backend in config.yml
3. Restrict accepted values to those that work for the CMS, currently repo and public_repo

Thoughts?

cc/ @Benaiah @talves @tech4him1

@erquhart The screen capture implies the login has access to ALL repos within the login. Is that true or is it only the repo logging into?

@talves It has access to every repo on your account -- the only two OAuth scopes available for repo access are repo (ALL repos) and public_repo (write access to ALL public repos).

The permissions are insane. I don't need Netlify to have read/write permissions over ALL repo's and I don't need Netlify to have organization access. What for does Netlify need this? Plus, the default setting is that it wants PUBLIC and PRIVATE repo access? Seriously, this is red flags all over for me and it's making me not want to use Netlify.

See the comment before yours:

the only two OAuth scopes available for repo access are repo (ALL repos) and public_repo (write access to ALL public repos).

That's GitHub's decision, not Netlify's.

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

I'm going to prioritize this one to better support the open authoring workflow (no need for private repository access)