GitHub import + OAuth: OAuth auth method doesn't allow import of collaborators

As our docs state, the repo scope is needed for GitHub imports. And if you want to import collaborators, you need the read:org scope as well.

If a user is authenticating their import with a personal access token from GitHub, selecting these scopes is done manually.

If a user wants to use OAuth to authenticate their import, which may be beneficial for rate limiting reasons, the token is obtained via an OAuth flow with hard-coded scopes. The code that does this is in app/controllers/concerns/import/github_oauth.rb.

Right now, the hard-coded scopes requested are 'repo, user, user:email'.

As far as I can tell, the scopes were added here but there is no conversation in that MR about why all 3 were added when we just need repo.

In addition, if someone wants to import collaborators, we should add the read:org scope.

The workaround right now is to use a PAT instead of OAuth to authenticate a GitHub import.

Edited by Jessie Young
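
The scope mismatch described in this issue, as an added example that is not GitLab's code: a small Ruby audit that compares a granted scope string against what the import needs and reports both missing scopes and scopes that add nothing. The `IMPLIED` table is a subset of GitHub's documented scope hierarchy, and the helper names (`parse_scopes`, `effective_scopes`, `audit_scopes`) are hypothetical; the scope string could come from the hard-coded list or from the `X-OAuth-Scopes` header GitHub returns on API responses.

```ruby
require 'set'

# Parent scope => scopes it implies (subset of GitHub's documented hierarchy).
IMPLIED = {
  'repo'      => %w[repo:status repo_deployment public_repo repo:invite security_events],
  'admin:org' => %w[write:org read:org],
  'write:org' => %w[read:org],
  'user'      => %w[read:user user:email user:follow]
}.freeze

# Scopes the issue says the import needs.
REQUIRED_BASE = %w[repo].freeze
REQUIRED_COLLABORATORS = %w[read:org].freeze

# Accepts "repo, user, user:email" (comma and/or space separated).
def parse_scopes(str)
  str.to_s.split(/[\s,]+/).reject(&:empty?).uniq
end

# Everything a list of granted scopes effectively allows, following IMPLIED.
def effective_scopes(granted)
  seen = Set.new
  queue = granted.dup
  until queue.empty?
    scope = queue.shift
    next unless seen.add?(scope)
    queue.concat(IMPLIED.fetch(scope, []))
  end
  seen
end

# Returns { missing: [...], excess: [...] } for one import configuration.
def audit_scopes(scope_string, import_collaborators:)
  granted  = parse_scopes(scope_string)
  required = REQUIRED_BASE + (import_collaborators ? REQUIRED_COLLABORATORS : [])
  effective = effective_scopes(granted)
  {
    # Required scopes not covered directly or through a broader parent scope.
    missing: required.reject { |s| effective.include?(s) },
    # Granted scopes that neither are nor imply anything the import requires.
    excess: granted.reject { |s| (effective_scopes([s]) & required.to_set).any? }
  }
end
```
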