feat: Don't require installation id in github provider

[zachaller]

We can get the installation id via code following this: https://docs.github.com/en/apps/creating-github-apps/authenticating-with-a-github-app/authenticating-as-a-github-app-installation#using-an-installation-access-token-to-authenticate-as-an-app-installation

We should validate that this makes sense to do as well. Such as will this cause more API calls are there any downsides to doing this?

Maybe we support both modes where if an installation id is configured in secret we use it if not we programatically get it.

[alexymantha]

I had to do implement this in one of my projects and ended up with something similar to what you're suggesting in the last parahraph:

• User can provide a list of installation IDs. If it's provided, then that is used directly.
  • Having a list of installations makes it possible to have an configure an app that has access to multiple organizations.
• If not provided, then we use /app/installations to lookup what installations are available.

For the increase in API calls, I'm not 100% sure, but from my testing I don't think calls to /app/installations count against the rate limit because the rate-limit is bound to the installation but the call to /app/installations is done against the installation. It also does not return the usual rate limit headers.