[GitHub-Plugin] New interstitial page to select OAuth Login scope

lucamilanesio

Sep 17, 2015, 10:18:17 AM
to Repo and Gerrit Discussion
Hi all,
I would like to announce that I've pushed a *crucial* fix to the GitHub plugin: the ability to select the OAuth scope after having clicked the "Login" button in Gerrit.

When logging in to Gerrit using GitHub/OAuth, users are quite concerned about the level of access they grant.
For this reason it is already possible to give the choice of multiple sets of scopes in gerrit.config.

See the example below:

[github]
        scopes = USER_EMAIL,PUBLIC_REPO,READ_ORG
        scopesPrivate = USER,REPO,READ_ORG


The default (scopes) allows access to *ONLY* the user's e-mail, public repo and organisation membership. By using the "scope=scopesPrivate" parameter, it is possible to provide extra access to the user's *FULL* profile, public and private repo and organisation.


With the new change [1] under review, Gerrit login will provide an interstitial page. It allows the user to choose between default and Private scopes. It additionally shows a full and human-readable description of the implied permissions requested from GitHub.


Review and feedback are more than welcome :-)


P.S. I wish to "join" the path with DavidO's GitHub OAuth plugin ... but, unfortunately, there are problems. DavidO's plugin is "bundled" with other OAuth providers (Google's) and secondly it relies on the OAuth Gerrit authentication. Gerrit OAuth native support is still very limited at the moment and wouldn't allow introducing interstitial pages. I then have no alternative but to continue the development on the github-plugin project that still uses the Gerrit HTTP authentication.


[1] https://gerrit-review.googlesource.com/#/c/70962/

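An added example, not part of the original post and not the GitHub plugin's code: it parses the [github] section quoted in the post and lists, for each scope set, what a user would be granting, plus what scopesPrivate requests beyond the default. The mapping from the config names to GitHub's OAuth scope strings, the descriptions and the function names are assumptions.

```python
import re

# Constructed sample: the [github] section quoted in the post.
SAMPLE_CONFIG = """\
[github]
        scopes = USER_EMAIL,PUBLIC_REPO,READ_ORG
        scopesPrivate = USER,REPO,READ_ORG
"""

# Assumption: config names map to GitHub's documented OAuth scope strings.
GITHUB_SCOPES = {
    "USER_EMAIL": ("user:email", "read the user's e-mail addresses"),
    "USER": ("user", "read and write the full user profile"),
    "PUBLIC_REPO": ("public_repo", "read and write public repositories"),
    "REPO": ("repo", "read and write public and private repositories"),
    "READ_ORG": ("read:org", "read organisation and team membership"),
}

def parse_scope_sets(text, section="github"):
    """Return {key: [scope names]} for each scopes* key in the section."""
    sets, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        header = re.fullmatch(r"\[(\w+)\]", line)
        if header:
            current = header.group(1).lower()
        elif current == section and "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            if key.lower().startswith("scopes"):
                sets[key] = [s.strip().upper() for s in value.split(",") if s.strip()]
    return sets

def describe(names):
    """Human-readable grants; an unknown name raises rather than passing silently."""
    unknown = [n for n in names if n not in GITHUB_SCOPES]
    if unknown:
        raise ValueError(f"unknown scope(s): {unknown}")
    return [f"{GITHUB_SCOPES[n][0]}: {GITHUB_SCOPES[n][1]}" for n in names]

def extra_grants(default, elevated):
    """GitHub scopes the elevated set requests that the default set does not."""
    return [GITHUB_SCOPES[n][0] for n in elevated if n not in default]

if __name__ == "__main__":
    sets = parse_scope_sets(SAMPLE_CONFIG)
    for key, names in sets.items():
        print(key, "->", " ".join(GITHUB_SCOPES[n][0] for n in names))
        for entry in describe(names):
            print("   ", entry)
    print("extra with scopesPrivate:", extra_grants(sets["scopes"], sets["scopesPrivate"]))
```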