github: Use noreply email if public email is private.

[wlynch]

Overview

This change adds an option to Dex to return these emails instead of fetching
their primary email. Since this only appears to work for public and
Enterprise Cloud flavors of GitHub (notably this doesn't appear to be
supported on Enterprise Server), this is restricted to the github.com
domain for now.

What this PR does / why we need it

GitHub has a feature for commit emails that allows users to set a noreply email that uniquely identifies them in commit messages:

{id}+{login}@users.noreply.github.com

See https://docs.github.com/en/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-email-preferences/setting-your-commit-email-address#about-commit-email-addresses

This is typically used on GitHub to associated user accounts with
commits without exposing the users real email.
Dex can use this in a similar manner to ID users in a stable way without
needing to fetch emails marked as private on GitHub.

Fixes #2617
Part of sigstore/gitsign#65

Special notes for your reviewer

Does this PR introduce a user-facing change?

Adds new config option "noreplyPrivateEmail" to GitHub connector. 
If set, configures the connector to use
{id}+{login}@users.noreply.github.com as the user email if the user has
marked their email as private on GitHub.
Only works for public and Enterprise Cloud versions of GitHub (i.e. github.com).

[haydentherapper]

This is a great change, thanks!

[wlynch]

@sagikazarmark would you be able to take a look at this? 👀

[wlynch]

Friendly bump. Let me know if there's anything I can do on my end to move this along! 🙏