jgehrcke/github-repo-stats

Feature request: dual tokens


ndroid commented

Thanks for your project.

For the use case of having separate data repository and stats repositories, it would be useful if separate tokens could be specified for the data repository and the stats repositories. Since write permissions are only necessary for the data repository, this would allow use of GITHUB_TOKEN for the data repository which would expire upon completion of the action. That way, only read permissions would need to be provided for the stats repositories in the PAT. This would be preferred to having a long-lived PAT with write permissions.

Perhaps for backwards compatibility a new input parameter could be used for specifying the data repository token which defaults to ghtoken if undefined.

@ndroid sorry for the late response. Thank you for the lovely description. That proposal makes a lot of sense. The principle of least privilege is of course one we should enable users to apply here. Ack.

General remark: the fine-grained authorization via GitHub API tokens has evolved quite a bit since the inception of this project here. I think by now the dust has indeed settled.