Check scope of GITHUB_PAT

[krlmlr]

before performing actions.

By default I'm using a very poorly scoped PAT if any, only adding a powerful one if needed. Protection against shooting myself in the foot.

[pat-s]

The one used currently is the one provided by GitHub during every GHA build.
It only aims to prevent {remotes} rate limit issues.

If there is a more powerful one needed, the respective secret name would need to be updated.

[pat-s]

What would be a possible action by {tic} depending on path's scope?

[pat-s]

Unless there are some special tasks being executed (like workflow updates) the default PAT inserted by GitHub does the job.

I don't think we need to specifically check a PAT's scope, at least not now. People who need special scopes usually know that they need to add one to the build and reference it accordingly.

[krlmlr]

This is about the token used in use_tic() . Agree we don't need special handling inside GHA.