Reword Security Consideration for using a GitHub App

[dgholz]

I reworded the section to be more imperative: describe what the user should do to improve the security. And described what privileged access the GitHub App would have (and why), and the potential security concerns.

I also summarised the argument against using separate private keys for the GitHub App to just say 'GitHub App credentials can be used on any repo'. And dropped the mention of fine-grained tokens, as GitHub Apps don't support them.