Hide real app secret_id

[xen]

• Now github api client initiated w/o init_app hook and consumer secret key hardcoded into code. Should be provided by local.cfg and hiden from code.
• Also before release should be added additional application ruled by fontforge organisation https://github.com/organizations/fontforge/settings/applications

[xen]

Sectet key should be kept in safe place. Manage applications on Github can user or organization. Now manager is me. Before release to real server we need to generate new application with its own credentials. I think it is safe to grant access to more than one person, so it is better to make new organization or use one already you have.

[davelab6]

@hash3g can this be closed?

[vitalyvolkov]

As secret_key is placed in config so user can override it before using app in production. It is ordinary practice. You can close this issue.