feat: bring-your-own-token (BYOT) support for GitHub PAT (closes #5 partial)

[Ys876]

Closes #5 (partial, implements the "Bring Your Own Token" flow; OAuth login left for a separate PR)

What this adds

Users can now paste a GitHub Personal Access Token (PAT) directly in the header to:

• Remove rate limits when analyzing public repositories
• Access private repositories without OAuth (using a PAT with repo scope)

Changes

New files

• src/lib/use-github-token.ts — useGitHubToken hook that reads/writes the PAT in localStorage. Token is never logged or sent to analytics.
• src/components/GitHubTokenModal.tsx — modal UI for entering, verifying, and clearing the PAT

Modified files

• src/components/AuthButton.tsx — adds a token indicator button ("Add token" / "Your token") that opens the modal. Works for both signed-in and anonymous users.

Security guarantees

• Token stored only in localStorage — no server persistence, no analytics
• Input is type="password" by default, with a show/hide toggle
• Token is validated by calling /user on the GitHub API directly from the browser before being saved — never touches the server
• Token is never sent to any RepoMind endpoint

Testing

• Open the app → "Add token" button visible in header
• Click → modal opens, paste a valid PAT → click "Verify token"
• If valid: shows authenticated username, "Save and use this token" activates
• If invalid: red error message shown
• After save: header shows green "Your token" indicator
• Refreshing: token persists from localStorage
• Clicking "Remove" clears localStorage and resets indicator

What's left from #5

• OAuth GitHub login (web flow) with minimal scopes — separate PR
• Passing user token through server-side API route calls

The BYOT flow is self-contained and ships immediate value to users hitting rate limits.

[vercel]

@Ys876 is attempting to deploy a commit to the repomindagent-7990's projects Team on Vercel.

A member of the Team first needs to authorize it.