fix: remove private repository scope from github oauth #1095

Open
Niteshagarwal01 wants to merge 2 commits into Priyanshu-byte-coder:main from Niteshagarwal01:main

@Niteshagarwal01
Summary

This PR removes the unnecessary repo scope from the GitHub OAuth flow to prevent requesting access to users' private repositories. This addresses user privacy concerns, adheres to the principle of least privilege, and ensures the application only requests the minimum essential scopes (read:user, user:email, read:discussion) required for authentication and basic profile info.

(Note: I worked on this PR as the associated issue was assigned to me under GSSoC 2026.)

Closes #1088

Type of Change

  • Bug fix
  • New feature
  • Documentation update
  • Refactor / code cleanup

Changes Made

  • src/lib/auth.ts: Removed the repo scope from the GitHubProvider authorization parameters.
  • src/app/api/auth/link-github/route.ts: Removed the repo scope from the URL search parameters when a user links their GitHub account.

How to Test

Steps for the reviewer to verify this works:

  1. Pull this branch and run the application locally.
  2. Sign out if you are currently signed in.
  3. Click "Sign in with GitHub" (or the link account option).
  4. On the GitHub authorization screen, observe that the application no longer requests access to private repositories.

Screenshots (if UI change)

N/A - This is an OAuth permission scope change.

Checklist

  • Linked issue in summary
  • npm run lint passes locally
  • No TypeScript errors (npm run type-check)
  • Self-reviewed the diff
  • Added/updated tests if applicable (N/A)

You can just copy and paste this into GitHub when you open your PR!
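
The check in step 4 of "How to Test" can also be done mechanically. As an added example (not code from this PR or from the DevTrack repository), the sketch below parses the `scope` parameter of a GitHub authorization URL and reports anything beyond the three scopes named in the summary; the function names, the sample URLs and the placeholder client id are constructed for illustration.

```typescript
// Added example; all identifiers here are hypothetical, not from the DevTrack code base.
// Minimum scope set named in the PR summary.
const ALLOWED_SCOPES: string[] = ["read:user", "user:email", "read:discussion"];

interface ScopeAudit {
  requested: string[];           // de-duplicated, sorted scopes found in the URL
  excess: string[];              // requested scopes outside ALLOWED_SCOPES
  requestsPrivateRepos: boolean; // true when the full `repo` scope is present
}

// Accepts both the space-delimited form used in the authorize request and the
// comma-separated form GitHub returns in the X-OAuth-Scopes response header.
function parseScopes(raw: string | null): string[] {
  if (!raw) return [];
  return raw
    .split(/[\s,]+/)
    .filter((s, i, all) => s.length > 0 && all.indexOf(s) === i)
    .sort();
}

function auditAuthorizeUrl(authorizeUrl: string): ScopeAudit {
  // searchParams.get() percent-decodes, so %20 and + both become spaces.
  const requested = parseScopes(new URL(authorizeUrl).searchParams.get("scope"));
  return {
    requested,
    excess: requested.filter((s) => ALLOWED_SCOPES.indexOf(s) === -1),
    requestsPrivateRepos: requested.indexOf("repo") !== -1,
  };
}

// Constructed sample URLs (placeholder client id), before and after the change.
const BASE = "https://github.com/login/oauth/authorize?client_id=PLACEHOLDER_CLIENT_ID";
const BEFORE_URL = BASE + "&scope=read%3Auser%20user%3Aemail%20read%3Adiscussion%20repo";
const AFTER_URL = BASE + "&scope=read%3Auser+user%3Aemail+read%3Adiscussion";

for (const url of [BEFORE_URL, AFTER_URL]) {
  const audit = auditAuthorizeUrl(url);
  console.log(audit.requestsPrivateRepos ? "FAIL" : "ok", audit.requested.join(" "),
    audit.excess.length ? "excess: " + audit.excess.join(",") : "");
}
```

The same `parseScopes` helper can be pointed at the `X-OAuth-Scopes` header of an API response to see what an existing token was actually granted.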

@vercel

vercel Bot commented May 25, 2026

@Niteshagarwal01 is attempting to deploy a commit to the PRIYANSHU DOSHI's projects Team on Vercel.

A member of the Team first needs to authorize it.

@github-actions github-actions Bot added gssoc26 GSSoC 2026 contribution type:bug GSSoC type bonus: bug fix type:security GSSoC type bonus: security (+20 pts) labels May 25, 2026
@github-actions

GSSoC Label Checklist 🏷️

@Priyanshu-byte-coder — please apply the appropriate labels before merging:

Difficulty (pick one):

  • level:beginner — 20 pts
  • level:intermediate — 35 pts
  • level:advanced — 55 pts
  • level:critical — 80 pts

Quality (optional):

  • quality:clean — ×1.2 multiplier
  • quality:exceptional — ×1.5 multiplier

Validation (required to score):

  • gssoc:approved — counts for points
  • gssoc:invalid / gssoc:spam / gssoc:ai-slop — does not score

Type labels (type:*) are auto-detected from files and title. Review and adjust if needed.
Points formula: (difficulty × quality_multiplier) + type_bonus


@github-actions github-actions Bot left a comment

Thanks for your first PR on DevTrack! 🎉

A maintainer will review it within 48 hours. While you wait:

  • Make sure CI is passing (type-check + lint)
  • Double-check the PR description is filled out and the issue is linked
  • Feel free to ask questions in Discussions if you need help

If you find DevTrack useful, a ⭐ star on the repo is always appreciated — it helps the project grow and attract more contributors!

Development

Successfully merging this pull request may close these issues.

[BUG] Demanding authorization of private repos