docs(github): document authentication for private repositories

[Ruby-Leung]

Resolves #516.

Adds a Private repositories section to the GitHub driver docs explaining how to authenticate against a private repo, following @pi0's guidance in the issue:

• Use a fine-grained PAT (read-only Contents) or a classic PAT (repo scope), passed via the token option.
• Read the token from an environment variable rather than hard-coding it.
• Note that the same token authenticates both the key-listing GitHub API call and the raw content fetch.
• Note that GitHub Apps are not supported.

Docs-only change; no code changes.

Summary by CodeRabbit

• Documentation
  • Added comprehensive documentation for accessing private GitHub repositories, including instructions for token configuration, required permission scopes, and example usage.

[coderabbitai]

Lost in the diff? Review this PR in Change Stack to follow the change map from intent to exact ranges.

📝 Walkthrough

Walkthrough

Added a "Private repositories" section to the GitHub driver documentation explaining how to authenticate with a token for private repository access, including required permissions, configuration examples using environment variables, and a note clarifying GitHub Apps are not supported.

Changes

GitHub Private Repository Documentation

Layer / File(s)	Summary
Private repository access documentation docs/2.drivers/github.md	New section documents token-based access for private repositories, covering token scope requirements (fine-grained Contents or classic repo), usage in both key listing and file fetching, environment-variable configuration pattern, and GitHub Apps unsupported note.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~5 minutes

Poem

🐰 A token to unlock the hidden treasure,
Private repos now flow with measured pleasure,
No more confusion, just clear paths to follow,
GitHub's secrets no longer hollow!
The docs shine bright, so crystal clear. 🔑✨

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title directly and clearly describes the main change: documenting authentication for private GitHub repositories, which matches the documentation additions in the changeset.
Linked Issues check	✅ Passed	The pull request fully addresses all objectives from issue #516: documents how to obtain and supply tokens, specifies required scopes (fine-grained Contents or classic repo), demonstrates the token option, recommends environment variables, and notes GitHub App limitations.
Out of Scope Changes check	✅ Passed	All changes are directly related to documenting private GitHub repository authentication as specified in issue #516; no unrelated modifications are present.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@docs/2.drivers/github.md`:
- Around line 38-40: Update the earlier statement that currently says the GitHub
token is only used for key fetching to match the "## Private repositories"
section: change the sentence around Line 13 so it states the provided `token` is
used for both listing keys via the GitHub API and for fetching raw file contents
from the CDN (i.e., requires read access to repo contents). Ensure the wording
aligns with the header "## Private repositories" and mentions the `token` option
explicitly.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 8f93fe80-0f74-4780-ad55-da1f769a9209

📥 Commits

Reviewing files that changed from the base of the PR and between 2727956 and cbd14d3.

📒 Files selected for processing (1)

• docs/2.drivers/github.md

[coderabbitai]

⚠️ Potential issue | 🟡 Minor | ⚡ Quick win

Resolve contradiction with the earlier token behavior statement.

This new section correctly says the token is used for both key listing and raw content fetch, but Line 13 still says token usage only applies to key fetching. Please update the earlier sentence to avoid conflicting guidance.

Suggested doc patch

-This driver fetches all possible keys once and keep it in cache for 10 minutes. Due to GitHub rate limit, it is highly recommended to provide a token. It only applies to fetching keys.
+This driver fetches all possible keys once and keeps them in cache for 10 minutes. Due to GitHub rate limits, providing a token is highly recommended. The token is used for key listing and raw content fetching.

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@docs/2.drivers/github.md` around lines 38 - 40, Update the earlier statement
that currently says the GitHub token is only used for key fetching to match the
"## Private repositories" section: change the sentence around Line 13 so it
states the provided `token` is used for both listing keys via the GitHub API and
for fetching raw file contents from the CDN (i.e., requires read access to repo
contents). Ensure the wording aligns with the header "## Private repositories"
and mentions the `token` option explicitly.