Description
When users request a token from Vault using this plugin, any actions they perform using that token will be listed as coming from an app in GitHub's audit logs. This limits the audit trail of which specific users or systems performed what actions. However, it is possible to search for actions performed using a specific token, as documented here: https://docs.github.com/en/enterprise-cloud@latest/admin/monitoring-activity-in-your-enterprise/reviewing-audit-logs-for-your-enterprise/identifying-audit-log-events-performed-by-an-access-token
To help with traceability, I propose adding the sha256 of the token to the token response. Vault administrators can then turn off hashing of this field using vault secrets tune -audit-non-hmac-response-keys=token_sha256 github. After this the hash will appear in the Vault audit logs and can be traced back to a specific user.
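As an added illustration (not code from this plugin or from the issue author), the following Python shows how a Vault audit entry carrying the proposed token_sha256 field, left un-HMAC'd by the tune command above, can be joined to GitHub audit log events for the same token. It assumes the field holds the lowercase hex SHA-256 of the token and that GitHub's hashed_token search value is the base64 of the raw SHA-256 digest; the field name token_sha256, the log shapes and every token and log line are constructed sample data.

```python
import base64
import hashlib
import json

SAMPLE_TOKEN = "ghs_constructed_sample_token_not_real"  # constructed, not a real token

def token_sha256_hex(token: str) -> str:
    """Value the plugin would return as token_sha256 (assumed lowercase hex)."""
    return hashlib.sha256(token.encode()).hexdigest()

def github_hashed_token(token: str) -> str:
    """Value to search for in GitHub's audit log (assumed base64 of raw digest)."""
    return base64.b64encode(hashlib.sha256(token.encode()).digest()).decode()

def hex_to_github_hash(hex_digest: str) -> str:
    """Convert the Vault-side hex field into the GitHub search value."""
    return base64.b64encode(bytes.fromhex(hex_digest)).decode()

# Constructed Vault audit "response" entry after the tune command: the token
# itself is still HMAC'd by the audit device, token_sha256 is passed through.
VAULT_AUDIT_LINE = json.dumps({
    "type": "response",
    "auth": {"display_name": "userpass-alice"},
    "request": {"path": "github/token"},
    "response": {"data": {
        "token": "hmac-sha256:constructed",
        "token_sha256": token_sha256_hex(SAMPLE_TOKEN),
    }},
})

# Constructed GitHub audit-log events; only the first two used SAMPLE_TOKEN.
GITHUB_EVENTS = [
    {"action": "git.clone", "hashed_token": github_hashed_token(SAMPLE_TOKEN)},
    {"action": "repo.create", "hashed_token": github_hashed_token(SAMPLE_TOKEN)},
    {"action": "git.push", "hashed_token": github_hashed_token("some-other-token")},
]

def correlate(vault_audit_line: str, github_events: list) -> list:
    """Return (vault_requester, github_action) pairs for GitHub events performed
    with the token that this Vault audit entry handed out."""
    entry = json.loads(vault_audit_line)
    wanted = hex_to_github_hash(entry["response"]["data"]["token_sha256"])
    requester = entry["auth"]["display_name"]
    return [(requester, ev["action"]) for ev in github_events
            if ev.get("hashed_token") == wanted]

if __name__ == "__main__":
    print(correlate(VAULT_AUDIT_LINE, GITHUB_EVENTS))
```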