MM-69450: Notify users when GitHub SAML SSO or token auth fails

[jgheithcock]

Summary

When GitHub API calls fail due to revoked tokens (401) or SAML SSO authorization issues (403), the plugin previously logged the errors server-side but gave users no indication they needed to reconnect. This routes those failures through the existing handleRevokedToken flow, which force-disconnects the account and sends the bot DM telling the user to run /github connect again.

Changes:

• Add isGitHubAuthFailure to detect 401 and SAML-specific 403 errors from both go-github (REST) and githubv4 (GraphQL) error shapes.
• Extend useGitHubClient and wire up getLHSData / getPrsDetails paths that previously bypassed it.
• Bubble up the first per-org error from GetLHSData so SAML failures are not swallowed when other orgs succeed.
• Add unit tests for error detection and notification behavior.

Ticket Link

https://mattermost.atlassian.net/browse/MM-69450

Checklist

• make check-style
• go test ./server/plugin/...
• Stash regression check: SAML 403 test cases fail without the fix, pass with it

[jgheithcock]

@coderabbitai

[coderabbitai]

Caution

Review failed

An error occurred during the review process. Please try again later.

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch mm-69450-surface-auth-errors

---

_{Comment @coderabbitai help to get the list of available commands.}