If they're requesting all the permissions then you shouldn't use them. If a random note taking app asks to read my contacts the first time I launch it then I'm going to assume it's malicious.
I meant more in general terms - apps are requesting more permissions than I want to grant them. I would like to see services allow users to limit the permissions actually granted.
JIRA wants all the source code for your entire organisation.
Tailscale wants to read all the organisations you're a member of.
The problem is not just limited to Github. Grafana's Slack apps want to be able to read the entire Slack organisation, post messages as me, and a whole bunch of other things I'm just not comfortable giving it.
