Add a shell script to authenticate with gh as an App

In Git for Windows' automation, we do a lot with Javascript, but
sometimes it is also convenient to use the GitHub CLI (`gh`) in a shell
script.

Sadly, the scope of the `GITHUB_TOKEN` provided in GitHub workflows is
often too limited, and we'd like to authenticate as a GitHub App
instead. Even more sadly, authenticating with `gh` this way is quite
complicated and fraught with problems because the token _needs_ to be
masked in the GitHub workflow logs.

Rejoice! This patch brings a shell script that hides all that nasty
complexity. All it needs are the environment variables:

- GH_APP_ID

- GH_APP_PRIVATE_KEY

- GITHUB_REPOSITORY

and of course `gh` on the `PATH`. That's it!

Signed-off-by: Johannes Schindelin <[email protected]>

Author: dscho

gh-cli-auth-as-app.sh

@@ -0,0 +1,25 @@
+#!/bin/sh
+
+node -e '(async () => {
+  const [owner, repo] = process.env.GITHUB_REPOSITORY.split("/")
+  const getAppInstallationId = require("./get-app-installation-id")
+  const installationId = await getAppInstallationId(
+    console,
+    process.env.GH_APP_ID,
+    process.env.GH_APP_PRIVATE_KEY,
+    owner,
+    repo
+  )
+  const getInstallationAccessToken = require("./get-installation-access-token")
+  const token = await getInstallationAccessToken(
+    console,
+    process.env.GH_APP_ID,
+    process.env.GH_APP_PRIVATE_KEY,
+    installationId
+  )
+  process.stderr.write(`::add-mask::${token.token}\n`)
+  process.stdout.write(token.token)
+})().catch(e => {
+  process.stderr.write(JSON.stringify(e, null, 2))
+  process.exit(1)
+})' | gh auth login --with-token