refactor: simplify auth flow to avoid Github API calls as much as possible

Attempts to handle use cases that don't require repository permission
lookups first to avoid hitting the Github API.
When we do need to look at repository permissions, still attempts to use
a global cache of public/private flags for repos so if any user has pulled
that repo's info, and it's a public repo we can resolve read related
permissions without hitting the API.
When we need to load the details for a repository, load the user's full
listing of repositories en masse/batch.
Whenever we load a repo store the public/private fag in global cache.
Improve the test suite to handle many of the typical cases.

Author: sgtcoolguy