feat: Forage work sources with GitHub login and org member roles

Summary

• Add a Forage dashboard section: a collapsible sidebar group of work sources (feature requests, bug reports, feedback, and organization-only Grafana alerts), with the home route redirecting into it.
• Ship feature requests as a full server-rendered list + create flow backed by a new table, with each request attributed to the signed-in user via a foreign key.
• Add GitHub login alongside Google/OIDC (GitHub has no OIDC discovery, so it gets its own Ueberauth strategy), wired through HIVE_GITHUB_CLIENT_ID/_SECRET.
• Persist users on every login (upsert keyed on email; session stores only the user id) and introduce a single-tenant role model: org member when the email domain is in HIVE_ORG_DOMAINS (or none configured), otherwise external contributor. Organization-only sources are gated on membership; role is derived per request, not stored.

Testing

• mix test (34 tests, 0 failures)
• mix compile --warnings-as-errors
• mix format / mix credo --strict (no new findings)
• mix ecto.reset (migrations + seeds run clean)
• helm template hive infra/helm/hive -f infra/helm/hive/values-production.yaml

Follow-ups (ops, before deploy)

• Create the GitHub OAuth App (callback https://hive.tuist.dev/auth/github/callback) and store its credentials in the hive-github-oauth 1Password item, or the ExternalSecret will error.

No GitHub comments yet.