Overhaul docmentation of REST authentication (especially GitHub)

[briandominick]

Issue

The README currently tells users to set GITHUB_TOKEN (or the ReleaseHx defaults) manually, but the issuer rake task already shows a better workflow: reuse gh auth token when available, allow the token name to be configured, avoid printing the secret, and run bundle exec rhx with the token scoped to that command.

ReleaseHx itself also supports configurable token names (origin.auth.key_env) and an untracked credentials file yet the README doesn’t explain how these interact with or take advantage of a smarter GitHub CLI flow.

For GitHub users who use the gh CLI tool, REST authentication can be made smoother if their executions of rhx have a way to ensure that every request has a proper token available. I'm still experimenting with this, but it might help get users up and running faster. We'll add this in as well.

Work

• Outline the recommended process (set the env var via gh auth token, or point origin.auth.key_env at the preferred name, optionally store the token in the untracked credentials file) in the GitHub authentication section of README.adoc.
• Improve documentation of this entire flow, detailing and clarifying token usage, HTTPS vs SSH, etc, REST vs gh, etc.
• Consider publishing a helper script / Rake task / MVC tool that invokes the flow in the local application context. (Separate work item, if so.)