Allow unauthenticated API calls

[MathijsR94]

Summary

• Remove the authentication gate so users can add usernames and view contribution heatmaps without a GitHub PAT or OAuth sign-in
• Add a public REST API fallback (/users/:username + /users/:username/events/public) that builds contribution calendars and stats from public event data when no token is configured
• Show a "Public activity only — sign in for full data" prompt on each card when using the unauthenticated path, linking to the sign-in flow
• Unlock all settings drawer sections (users, date range, display) for unauthenticated users; only org import remains gated behind auth
• Fixes Public data by default, PAT optional #36

Details

• New files: src/lib/githubRest.ts (REST API client), src/lib/fetchContributionsPublic.ts (builds ContributionsCollection from public events)
• Renamed github.ts → githubGraphQL.ts and fetchContributions.ts → fetchContributionsGraphQL.ts for clarity
• useContributions now branches into fetchAllAuthenticated vs fetchAllUnauthenticated paths based on whether a PAT exists
• Added needsAuth flag to UserResult type to signal partial data to the UI
• FetchValidationError no longer includes "missing-pat"
• SettingsDrawer refactored: extracted inline handlers, removed the "Sign in to configure" gate that hid all controls

Limitations

• Public events API only returns the last 90 days / 300 events, so historical data and long date ranges will be incomplete without auth
• Previous-period comparison is not available in unauthenticated mode
• Org filtering still requires authentication (GraphQL API)

[brdv]

Somehow, editing the org is disabled which can be funky if i received a state url;

[MathijsR94]

Somehow, editing the org is disabled which can be funky if i received a state url;

I have added a read-only state when a user receives a state with an organisation in it. It was disabled at first