Notify the user when refreshing a personal access token

Open markfields opened this issue 5 years ago • 0 comments

I got a notification email from Azure DevOps this morning that "a new personal access token was added to your organization" at a time I was not doing anything with Git (I only had my email open on my computer). I dug into it to convince myself my credentials were safe, and indeed found an entry in the Windows Event Log from GCM for Windows at that same time. However, it was a bit unsettling, especially since the language in the mail is so strong ("If you did not make this change, your credentials may have been compromised and we suggest changing your password").

If I had been trying to git pull or something at that time, I wouldn't have been worried, but given the background refresh I would have liked to see a notification in the OS that it reached out to the Git server for a new token.

Also, this may not be a GCM issue, but the Origination IP Address from the Azure DevOps notification was not known to me - although I did confirm via an internet search that it's at least owned by my company.

markfields, Apr 29 '19 18:04