feedback should work off of even sources

[xmo-odoo]

Technically we can get odd events from any source not just repositories proper, thus we may need to send feedback to any source. As such it would make sense for feedback to work off of sources.

• there's no token associated to sources, so we may need tokens associated with sources (and / or sources associated with projects)
• the repository id we currently send to needs to be remapped to source ids (maybe convert repository_id to a compute which translates to sources)
• or maybe support sources in addition to repos? would be easier to migrate at least

[xmo-odoo]

After testing fine grained personal tokens a bit in case we'd have the (dumb) idea of using them:

• the organisation owning the repository* needs to be opted into fine grained tokens (for coarse-grained PATs it's allowed by default although while setting up FGTs you can disable PAT access)
• even though a user only needs read access to a repo to leave a comment on an issue or PR, FGTs need write access to the issue or PR, you know, cool shit, because when my bot is able to leave comments on a PR I definitely want it to be able to delete any other comment and close the fucking PR

I assume github hates FGTs and only implemented them due to popular demand, because holy crap.