docs: add oauth token info to github docs (#2218)

## Description:
Add information about OAuth token scopes, primarily to explain the
reason `github login` asks for write permission.

## Is this change user facing?
YES

docs/docs/cli-reference/engine-start.md

@@ -15,5 +15,6 @@ You may optionally pass in the following flags with this command:
 * `--log-level`: The level that the started engine should log at. Options include: `panic`, `fatal`, `error`, `warning`, `info`, `debug`, or `trace`. The engine logs at the `info` level by default.
 * `--version`: The version (Docker tag) of the Kurtosis engine that should be started. If not set, the engine will start up with the default version.
 * `--enclave-pool-size`: The size of the Kurtosis engine enclave pool. The enclave pool is a component of the Kurtosis engine that allows us to create and maintain 'n' number of idle enclaves for future use. This functionality allows to improve the performance for each new creation enclave request.
+* `--github-auth-token`: The auth token to use for authorizing GitHub operations. If set, this will override the currently logged in GitHub user from `kurtosis github login`, if one exists. Note, this token does not persist when restarting the engine.
 
 CAUTION: The `--enclave-pool-size` flag is only available for Kubernetes.

docs/docs/guides/running-private-packages.md

@@ -5,7 +5,7 @@ slug: /private-packages
 sidebar_position: 14
 ---
 
-Kurtosis CLI supports the ability to run private packages hosted on GitHub via `kurtosis github login`. This guide assumes that you have [Kurtosis installed](../get-started/installing-the-cli.md) and a package hosted GitHub that is private.
+Kurtosis CLI supports the ability to run private packages hosted on GitHub via `kurtosis github login`. This guide assumes that you have [Kurtosis installed](../get-started/installing-the-cli.md) and a package hosted on GitHub that is private.
 
 :::note
 GitHub Login is not yet supported over Kubernetes backend. Please create an [issue](https://github.com/kurtosis-tech/kurtosis/issues) to request this feature!
@@ -28,7 +28,11 @@ A GitHub screen should pop up in your browser instructing you to enter the one-t
 
 After entering the code, GitHub will prompt you to authorize Kurtosis CLI. Kurtosis CLI requests [`repo`](https://docs.github.com/en/apps/oauth-apps/building-oauth-apps/scopes-for-oauth-apps#available-scopes) access to repositories for the ability to read and pull from private repositories.
 
-:::info Private Packages within GitHub Orgs
+:::info OAuth Token Scopes
+While `repo` gives Kurtosis read and write access to private repositories, Kurtosis only performs read operations. GitHub does not support a [`repo:read`](https://github.com/jollygoodcode/jollygoodcode.github.io/issues/6) OAuth scope, but an alternative is to use a [fine-grained personal access token](https://docs.github.com/en/authentication/keeping-your-account-and-data-secure/managing-your-personal-access-tokens#fine-grained-personal-access-tokens) to restrict Kurtosis CLI read/write and repository permissions. This token can be passed to Kurtosis CLI via the [`kurtosis engine start --github-auth-token=<>`](../cli-reference/engine-start.md) flag.
+:::
+
+:::note Private Packages within GitHub Orgs
 If the private package you'd like to develop on lives in a GitHub org, the organization must also authorize Kurtosis CLI. To have an organization you are a part of authorize Kurtosis CLI, click the `Request` button next to the organization name on the authorization page, then notify your org admins to accept the request via email.
 :::