Implement GitHub secret validity checking

[tobias]

We already support GitHub's secret scanning, where they report Clojars tokens found in code and we notify the user and disable the token.

They also now support a response where we can signal if the secret was actually a valid Clojars token.

We currently return an empty response.

Todo:

• implement the validity response
• contact GitHub to have them include Clojars in validity checking

[tobias]

The changes to the endpoint have been deployed, and I've emailed Github.

[frenchy64]

According to the current list of providers, GitHub doesn't recognize clojars are supporting a validity check yet.

I think we should reopen this issue.

[tobias]

Thanks for bringing this back up @frenchy64. I checked my email history, and it looks like I last asked for an update from GitHub on 2024-06-21, but didn't get a response. I just pinged them again, and I'll re-open this as a reminder.