Thank you @Lee for the detailed and clarifying answer!
The (future) GitOps based integration and interaction with one’s repositories in GH makes completely sense. I wish GH would support more fine-grained access control to (private) repositories, though, for apps (or does it?).
In absence of that, I think I would prefer separate accounts for integrations like this… obviously this has disadvantages as well.
I’m not sure I understand the security related implications of such integrations, for instance the risk and consequences of the app requesting access being compromised. It would also be nice to be informed whether and how access can be revoked, and information exchanged be deleted before pressing the button (and having to dig around in documentation to find out).
