Tags: abcxyz/github-token-minter

v2.4.7

Verified

This commit was created on GitHub.com and signed with GitHub’s verified signature.
fix: org level tokens no longer functioned without new * syntax (#231)

Adding * to the request/allowed access list caused the empty [] comparison to no
longer be treated as an action that worked on org level resources.

v2.4.6

Verified

fix: invalid format when requesting all permissions (#230)

This PR fixes an issue where a nil permissions map was sent to the
GitHub API when requesting a token, causing a 500 error from GitHub.

The fix initializes the permissions map to an empty map and only
populates it if permissions are provided. This ensures that the request
sent to GitHub is always in a valid format.

Additionally, this PR adds logging for the token request to improve
observability.

v2.4.5

Verified

fix: requests with no permissions against a scope that supports installed permissions instead of a fixed list fail (#229)

Minty allows requests without permissions in the request object.
This uses the set of permissions defined at the scope level and
replaces the empty set in the request with what is in the scope.

Unfortunately, when a request like this asks for a scope that specifies
the special indicator "*", that says to use whatever the installed app
allows, the request fails because it has replaced the request
permissions (nil) with a value of {"*":"*"} which GitHub doesn't
understand.

The fix is to catch this scenario, and set the request permissions to
`nil` which indicates to GitHub to grant whatever permissions are
defined on the app.

This PR comes with additional testing logic around this area to
hopefully help catch future regressions as the logic here is a bit
complicated.
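
The v2.4.6 and v2.4.5 fixes above both turn on one Go detail: a nil map and an initialised empty map encode differently in JSON (`null` versus `{}`), and the "*" scope marker has to be collapsed before the body is built. The following is an added example written for this page, not code from github-token-minter; the `tokenRequest` struct, its field names and the `resolvePermissions`/`buildRequestBody` helpers are assumptions, and the permission values are constructed.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// installedPermissions is the special scope marker described in the v2.4.5
// message: "*" means "whatever the installed app allows".
const installedPermissions = "*"

// tokenRequest is a hypothetical stand-in for the body Minty sends when it
// mints an installation token; the field names are assumptions.
// Permissions deliberately has no omitempty so the encoding difference that
// v2.4.6 fixed stays visible: a nil map becomes null, an empty map becomes {}.
type tokenRequest struct {
	Repositories []string          `json:"repositories,omitempty"`
	Permissions  map[string]string `json:"permissions"`
}

// encodeRaw marshals whatever map it is given, with no normalisation.
func encodeRaw(perms map[string]string) string {
	b, _ := json.Marshal(tokenRequest{Permissions: perms})
	return string(b)
}

// resolvePermissions applies the v2.4.5 rule: an empty request inherits the
// scope's permissions, unless the scope is the "*" marker, in which case the
// result is nil ("no explicit permissions, use what the app has").
// The map is copied so callers never alias config data.
func resolvePermissions(requested, scope map[string]string) map[string]string {
	src := requested
	if len(requested) == 0 {
		if _, star := scope[installedPermissions]; star {
			return nil
		}
		src = scope
	}
	out := make(map[string]string, len(src))
	for k, v := range src {
		out[k] = v
	}
	return out
}

// buildRequestBody applies the v2.4.6 rule on top: the permissions map is
// always initialised, so the body carries {} rather than null when no
// explicit permissions are requested.
func buildRequestBody(repos []string, requested, scope map[string]string) (string, error) {
	perms := resolvePermissions(requested, scope)
	if perms == nil {
		perms = map[string]string{}
	}
	b, err := json.Marshal(tokenRequest{Repositories: repos, Permissions: perms})
	if err != nil {
		return "", err
	}
	return string(b), nil
}

func main() {
	fmt.Println(encodeRaw(nil))                 // {"permissions":null}
	fmt.Println(encodeRaw(map[string]string{})) // {"permissions":{}}

	star := map[string]string{installedPermissions: installedPermissions}
	body, _ := buildRequestBody([]string{"repo-a"}, nil, star)
	fmt.Println(body) // {"repositories":["repo-a"],"permissions":{}}

	body, _ = buildRequestBody(nil, nil, map[string]string{"contents": "read"})
	fmt.Println(body) // {"permissions":{"contents":"read"}}
}
```

The point to take from the two print lines at the top is that `len(m) == 0` is true for both maps, so a check on length alone cannot tell you which JSON you are about to send; the only safe pattern is to initialise before marshalling.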

v2.4.4

Verified

feat: allow a config doc with no defined permissions that allows anything that the installed app allows (#228)

The current implementation requires the config file to call out which
specific sets of permissions are needed for a given scope. This is fine
in most cases where we want to request a lesser set of permissions than
the app provides, but in some cases we really just want to take whatever
the app has defined.

Adding a new permission becomes a multi-step process where we first
change the permissions on the app, then update every config file that
might need to use those permissions. This is particularly painful when
dealing with the `minty.yaml` stored in the `.minty` repository as we
more broadly roll out cross org automation of GitHub via terraform.

v2.4.3

Verified

fix: additional handling for missing repos (#227)

v2.4.2

Verified

fix: missing repo fails on the initial token look request, not on the file contents request (#226)

Switching to an org level token seems to have changed the error from a 404 to
a 422. Leaving both just in case.

v2.4.1

Verified

fix: account for completely missing repos in the config loader chain (#225)

v2.4.0

Verified

feat: take the target org as a parameter on the request (#219)

This will default to the org in the OIDC claim.

Currently, requests use the parsed org name from the OIDC claim which is
fine if you are only ever requesting permissions to act on your own org,
but in the case of GitHub administration we need to be able to target an
org (A) from a central repository in another org (B).

v2.3.2

Verified

fix: treat a missing org level repo as a 'not found' scenario instead of a hard failure (#206)

Fixes #205 

Attempts to mint a token for a nonexistent repository were causing hard
failures instead of being handled correctly. In this scenario the
correct thing to do is to treat it as if the file is not found and
continue processing up the tree looking for other files that might
contain the requested scope.
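
The v2.3.2 message above (and the v2.4.2 note that a missing repo can now surface as a 422 as well as a 404) describe a config loader chain that skips absent files and keeps looking further up the tree. The security-relevant edge is the opposite case: only "not found" may be skipped; an authorisation or server error must stop the walk rather than fall through to a less specific config. The following is an added example written for this page, not github-token-minter's loader; the `apiError` type, `configSource` shape, and every path and scope name are constructed assumptions.

```go
package main

import (
	"errors"
	"fmt"
	"net/http"
)

// apiError is a hypothetical error type carrying the HTTP status GitHub
// returned for a content lookup.
type apiError struct {
	Status int
	Path   string
}

func (e *apiError) Error() string {
	return fmt.Sprintf("github api: %s: HTTP %d", e.Path, e.Status)
}

// isNotFound follows the v2.4.2 note: a missing repository or file may
// surface as 404 or, with an org level token, as 422. Anything else
// (401, 403, 5xx, network errors) is a real failure and must not be
// silently treated as "keep looking".
func isNotFound(err error) bool {
	var ae *apiError
	if !errors.As(err, &ae) {
		return false
	}
	return ae.Status == http.StatusNotFound || ae.Status == http.StatusUnprocessableEntity
}

// configSource is one rung of the lookup chain (for example the requesting
// repo's own config, then the org's .minty repository). Fetch returns the
// set of scope names the file defines; all data here is constructed.
type configSource struct {
	Name  string
	Fetch func() (map[string]bool, error)
}

// findScope walks the chain in order, skipping sources whose file or repo
// does not exist and aborting on any other error. It returns the name of
// the source that defines the scope.
func findScope(chain []configSource, scope string) (string, error) {
	for _, src := range chain {
		scopes, err := src.Fetch()
		if err != nil {
			if isNotFound(err) {
				continue
			}
			return "", fmt.Errorf("%s: %w", src.Name, err)
		}
		if scopes[scope] {
			return src.Name, nil
		}
	}
	return "", fmt.Errorf("scope %q not defined in any config", scope)
}

// missing builds a constructed source whose lookup fails with the given status.
func missing(status int, path string) configSource {
	return configSource{Name: path, Fetch: func() (map[string]bool, error) {
		return nil, &apiError{Status: status, Path: path}
	}}
}

// defines builds a constructed source whose file declares the given scopes.
func defines(path string, scopes ...string) configSource {
	set := map[string]bool{}
	for _, s := range scopes {
		set[s] = true
	}
	return configSource{Name: path, Fetch: func() (map[string]bool, error) { return set, nil }}
}

func main() {
	chain := []configSource{
		missing(404, "org-a/repo-x/minty.yaml"), // constructed: repo has no config file
		missing(422, "org-a/.minty/minty.yaml"), // constructed: org level repo does not exist
		defines("org-a/fallback/minty.yaml", "release"),
	}
	src, err := findScope(chain, "release")
	fmt.Println(src, err) // org-a/fallback/minty.yaml <nil>

	bad := []configSource{missing(403, "org-a/repo-x/minty.yaml"), chain[2]}
	_, err = findScope(bad, "release")
	fmt.Println(err) // org-a/repo-x/minty.yaml: github api: org-a/repo-x/minty.yaml: HTTP 403
}
```

Wrapping with `%w` keeps the original status reachable through `errors.As`, so a caller or a test can distinguish "the chain was exhausted" from "the chain was aborted by a 403" without string matching.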

v2.3.1

Verified

feat: implement slog/LogValuer to redact private keys no matter where they are logged (#204)

Fixes #201 

This will prevent accidental logging of private keys if the config
object gets logged.