Token and scope commands need password and 2FA consistency

[ingydotnet]

The commands that prompt for the GitHub password and possibly 2FA code need to
be refactored to use the same dance.

The flow for what happens when a wrong pw or code is entered needs testing and
polish.

This can replace #40.