jupyter / nbviewer

nbconvert as a web service: Render Jupyter Notebooks as static web pages

Home Page: https://nbviewer.jupyter.org

Proposal: Use GitHub access tokens from http request headers

arodus opened this issue

Hi, there are many people out there who want to host nbviewer internally in a secure environment and render notebooks from private GitHub repositories.

The only way right now to view private repositories is by adding an access token to the configuration. The problem with this is that now everyone with access to the nbviewer instance can see the contents of all the repositories the token has access to.

There is an easy and lightweight solution for that which allows users to access only repositories they have access to.

It's possible to use a proxy like https://github.com/oauth2-proxy/oauth2-proxy to protect the nbviewer instance from public access. With oauth2-proxy it's also possible to add the provider's (in this case, GitHub's) access token to the requests forwarded to the nbviewer instance.
This request token could then be used by nbviewer to authenticate against the external APIs.

While I totally understand that the mission of nbviewer is different, I'd still like to propose this feature as the changes introduced would be minor.

What changes are required

A new configuration value (environment variable) needs to be introduced to configure the header from which the token should be retrieved. If this configuration value is not set, nothing changes.
If the value is set, the GitHub client is instantiated using the token from the header when available; if the value is not available, it will fall back to the normal flow.

I'm happy to provide a PR with these changes in case you're fine with the proposal.

Describe alternatives you've considered

Alternatives are discussed in #563, #556, #402, and others but none of them is sophisticating.
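
An added example, not part of the original issue and not nbviewer's code: one way the proposed header lookup with fallback could look in Python. The setting name `GITHUB_TOKEN_HEADER`, the function names and the token shape check are assumptions; `X-Forwarded-Access-Token` is the header oauth2-proxy sets when run with `--pass-access-token`.

```python
import hashlib
import re

# Hypothetical setting name; the issue does not name the environment variable.
HEADER_ENV = "GITHUB_TOKEN_HEADER"
# Assumed conservative shape check: rejects whitespace, CR/LF and separators.
_TOKEN_RE = re.compile(r"[A-Za-z0-9_]{20,255}")


def resolve_token(headers, environ, configured_token=None):
    """Return (token, source): the request's header token when the option is
    set and the header holds a well-formed value, else the configured token
    (the "normal flow" of the proposal)."""
    header_name = environ.get(HEADER_ENV)
    if header_name:
        # HTTP header names are case-insensitive.
        lowered = {k.lower(): v for k, v in headers.items()}
        raw = lowered.get(header_name.lower(), "").strip()
        if raw.lower().startswith("bearer "):
            raw = raw[7:].strip()
        if _TOKEN_RE.fullmatch(raw):
            return raw, "header"
    return configured_token, "config"


def github_auth_headers(token):
    """Headers for the outgoing GitHub API call; none when no token is set."""
    return {"Authorization": "token " + token} if token else {}


def cache_scope(token, source):
    """Key prefix for any cache of rendered pages, so output fetched with one
    user's token is never served to a different user."""
    if source != "header":
        return "shared"
    return "user-" + hashlib.sha256(token.encode()).hexdigest()[:16]


if __name__ == "__main__":
    # Constructed sample request; the token value is made up.
    env = {HEADER_ENV: "X-Forwarded-Access-Token"}
    request_headers = {"x-forwarded-access-token": "gho_" + "a" * 36}
    token, source = resolve_token(request_headers, env, configured_token=None)
    print(source, github_auth_headers(token), cache_scope(token, source))
```

With the fallback in place, a request that reaches the instance without the header is rendered with the shared configured token, so the proxy has to be the only network path to nbviewer and should overwrite any client-supplied copy of the header.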