
Handle the absence of write:org access gracefully #8

@ruuda

Currently to scan a GitHub organization, we need write access to the organization:

* "admin:org", which when checked implies both "read:org" and "write:org".
This application does not modify the organization, but some organization-wide
settings, such as the default repository permission, can only be read with
the full "admin:org" permission, and not with "read:org".

Unfortunately the GitHub API works this way, so to check the default repository permissions, we need admin:org on the token. However, if we have a token that doesn’t have admin:org, we could handle that gracefully and just not verify the organization-wide settings, and still verify everything else.

I would feel much more comfortable running this on an automated schedule with an access token that only grants read-only access.
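
The graceful degradation requested above, sketched as an added example (not part of the original issue or the project's code). It assumes a classic personal access token, whose granted scopes GitHub reports in the `X-OAuth-Scopes` response header; the check names are hypothetical.

```python
# Added example: decide which checks a token can support instead of failing
# the whole scan. Check names below are hypothetical, not the project's own.

# From the issue text: checking "admin:org" implies "read:org" and "write:org".
IMPLIED_SCOPES = {"admin:org": {"read:org", "write:org"}}

# Hypothetical checks mapped to the scope each one needs.
CHECKS = {
    "organization_members": "read:org",
    "team_memberships": "read:org",
    "default_repository_permission": "admin:org",
}


def parse_scopes(header_value):
    """Turn an X-OAuth-Scopes header value into the effective scope set."""
    granted = {s.strip() for s in (header_value or "").split(",") if s.strip()}
    effective = set(granted)
    for scope in granted:
        effective |= IMPLIED_SCOPES.get(scope, set())
    return effective


def plan_checks(header_value):
    """Split checks into (runnable, skipped) based on the token's scopes."""
    scopes = parse_scopes(header_value)
    runnable, skipped = [], []
    for name, needed in CHECKS.items():
        if needed in scopes:
            runnable.append(name)
        else:
            skipped.append((name, needed))
    return runnable, skipped


def report(header_value):
    """Report skipped checks explicitly so they are never mistaken for a pass."""
    runnable, skipped = plan_checks(header_value)
    lines = [f"run  {name}" for name in runnable]
    lines += [f"SKIP {name}: token lacks {needed}" for name, needed in skipped]
    return lines


if __name__ == "__main__":
    # Constructed header value for a read-only token.
    print("\n".join(report("read:org, repo")))
```

Listing each skipped check in the output keeps a scheduled read-only run from looking like a full verification of the organization-wide settings.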

Labels: bootcamp (Good for newcomers)
