Improve messaging when GitHub tokens need SSO authorization

[danepowell]

Composer could be more helpful if you are part of a GitHub organization but forget to enable SSO on your GitHub token. Ideally Composer would detect that SSO is not enabled on the token, or at least mention in the error message somewhere that lack of SSO could be the cause.

Specifically, if the following are true:

• You are part of a GitHub organization that requires SSO
• You have configured Composer to use a GitHub token
• You've not enabled SSO for that token
• You try to require a package from that organization (even if the package is public)

... then you get an error message:

Could not fetch [package], please review your configured GitHub OAuth token or enter a new one to access private repos

This is especially confusing when trying to download a public package. I know the error message says in part "review your configured token", but it's easy to infer that the token is missing rather than misconfigured. And then go through an endless loop of wondering why a token is even required for a public package, creating and setting a new token, and getting the same error message over and over until you realize the problem is missing SSO.

This might sound a bit like an edge case but I promise you nearly everyone in an SSO org has gone through this at least once (and in my case, multiple times 😄 )

[Seldaek]

It would be a lot easier if someone affected would work on a patch for this tbh, because without access to an SSO-enabled org this is going to be a pain to work on.

[danepowell]

I proposed a fix in #10432 . I'd appreciate if folks took it for a spin and provided feedback.