Sort out GITHUB_BASIC_TOKEN

GITHUB_BASIC_TOKEN isn't actually set on our servers. We are just using GitHub's generous free quota of public access to read API's.

We should do one of:

• decide this will always be fine and just delete all the GITHUB_BASIC_TOKEN code.
• leave the code there in case we want it in the future, in which case test it actually works with a token, document it and tidy up code so no header is sent if no token