Is your feature request related to a problem? If so, please describe the problem:
In the docs, the description of the required permissions for the GH & GL tokens is quite vague. They also seem to imply a higher level of access than I would expect. For example:
Required:
GitHub Access Token (repo and all read scopes except enterprise)
GitLab Access Token
From the GH docs, repo scope "Grants full access to public and private repositories including read and write access to code, commit statuses, repository invitations, collaborators, deployment statuses, and repository webhooks. Note: In addition to repository related resources, the repo scope also grants access to manage organization-owned resources including projects, invitations, team memberships and webhooks. This scope also grants the ability to manage projects owned by users."
This seems like way too much access.
Potential solutions:
It would be good to have a clear description of exactly what permissions are needed and how to properly create such a token. For example, with GH, I assume this requires a "Classic token" as opposed to a fine-grained one? And, is a no-scope token sufficient (i.e., leave all the boxes unchecked)? This appears to give read-only access to public information.
We also need the equivalent for GitLab.
Adding context from @sgoggins in chat: I just created a token without any repo permissions and ran it on an augur instance and it works fine without those permissions. No issues with not including them exist.
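One way to check what a classic GitHub token actually grants, as an added example that is not part of the issue or of Augur's code: GitHub reports a classic token's scopes in the `X-OAuth-Scopes` response header, and the script below compares that value against the scopes a deployment needs. The sample header values are constructed, the empty `needed` default reflects the no-scope report in the comment above, and the function names are this example's own.

```python
"""Audit a GitHub classic token's scopes from the X-OAuth-Scopes response header."""
import urllib.request

# Constructed sample header values (not real responses).
SAMPLE_DOCS_TOKEN = "read:org, read:user, repo, read:public_key"
SAMPLE_NO_SCOPE_TOKEN = ""


def parse_scopes(header_value):
    """Split the comma-separated X-OAuth-Scopes value into a sorted list."""
    if not header_value:
        return []
    return sorted({s.strip() for s in header_value.split(",") if s.strip()})


def audit_scopes(header_value, needed=frozenset()):
    """Compare granted scopes with the set the deployment needs.

    `needed` defaults to empty: an assumption taken from the report in this
    thread that a token with no scopes worked.
    """
    granted = parse_scopes(header_value)
    excess = [s for s in granted if s not in needed]
    # Conservative heuristic (assumption of this example): any scope without
    # the "read:" prefix is treated as possibly write-capable, e.g. "repo".
    possibly_write = [s for s in excess if not s.startswith("read:")]
    return {
        "granted": granted,
        "excess": excess,
        "possibly_write": possibly_write,
        "least_privilege": not excess,
    }


def fetch_scope_header(token, url="https://api.github.com/rate_limit"):
    """Live check (needs network): return X-OAuth-Scopes for `token`."""
    req = urllib.request.Request(url, headers={
        "Authorization": f"Bearer {token}",
        "Accept": "application/vnd.github+json",
        "User-Agent": "token-scope-audit",
    })
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.headers.get("X-OAuth-Scopes", "")


if __name__ == "__main__":
    for label, hdr in [("docs-style", SAMPLE_DOCS_TOKEN),
                       ("no-scope", SAMPLE_NO_SCOPE_TOKEN)]:
        print(label, audit_scopes(hdr))
```

To audit a real token, pass the result of `fetch_scope_header(token)` to `audit_scopes`; read the token from the environment rather than the command line so it does not end up in shell history.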
Docs section referenced in the issue: https://oss-augur.readthedocs.io/en/main/getting-started/installation.html#backend