Consolidate README onboarding into a single deduplicated setup flow

[Copilot]

README onboarding content repeated the same guidance across Installation, Quick Start, and Setting up with your agent, which made setup harder to scan. This change merges those into one concise section while preserving all required operational and safety instructions.

• Unified onboarding

  • Replaced three overlapping sections with a single Installation and agent setup section.
  • Kept install paths (pipx, pip, source) and setup flow in one place.

• Deduplicated agent/token guidance

  • Consolidated write token setup (ghsudo --setup <org>), read-only agent token configuration, template file placement (CLAUDE.md / AGENTS.md), and verification commands.
  • Removed repeated explanations and repeated command examples.

• Preserved critical operational notes

  • Retained HTTPS remote + gh auth setup-git requirement for push/pull with elevated token.
  • Retained dedicated-terminal warning to avoid inheriting writable gh credentials.
  • Retained platform support note and write-operation command examples.

• Resulting streamlined setup flow

  pipx install ghsudo
  ghsudo --setup <org>
  echo "<your-read-only-token>" | gh auth login --hostname github.com --with-token
  # or: export GH_TOKEN=<your-read-only-token>
  ghsudo --verify <org>
  ghsudo --list

---

✨ Let Copilot coding agent set things up for you — coding agent works faster and does higher quality work when set up for your repo.

[Copilot]

Pull request overview

This PR streamlines the README onboarding flow by consolidating overlapping installation, quick start, and agent setup guidance into a single “Installation and agent setup” section, aiming to make setup easier to scan while retaining key safety/operational notes.

Changes:

• Replaced separate Installation / Quick Start / Agent setup sections with a unified onboarding section.
• Deduplicated token setup + agent instructions guidance and centralized verification commands.
• Preserved key operational notes (HTTPS remotes for git push/pull, gh auth setup-git, dedicated terminal warning, platform support).

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[Copilot]

The recommended read-only setup uses gh auth login, but that authentication is persisted in gh’s global config (it’s not limited to a single terminal). The current “dedicated terminal/subshell” warning reads like terminal isolation is sufficient, which isn’t true unless you instead use GH_TOKEN/GITHUB_TOKEN env vars or a separate GH_CONFIG_DIR for the agent. Consider clarifying the persistence/restore steps (or recommending env-var / separate config dir for agent sessions) so users don’t accidentally overwrite their normal gh login or get a false sense of isolation.

[Copilot]

The instructions point users to copy CLAUDE-example.md / AGENTS-example.md, but those templates currently state the agent has a read-only GH_TOKEN. Since this section also recommends gh auth login (which doesn’t set GH_TOKEN), this can be confusing. Consider adjusting the README wording here to say the agent may be configured via GH_TOKEN/GITHUB_TOKEN or gh auth login, and that the templates’ “GH_TOKEN” wording is shorthand for the read-only gh authentication context.

Suggested change

	2. Configure your coding agent to use a separate read-only token:
	```bash
	echo "<your-read-only-token>" | gh auth login --hostname github.com --with-token
	# or (session-scoped): export GH_TOKEN=<your-read-only-token>
	```
	3. Add agent instructions in each target repository:
	- Claude Code: copy [`CLAUDE-example.md`](CLAUDE-example.md) to `CLAUDE.md`
	- OpenAI Codex: copy [`AGENTS-example.md`](AGENTS-example.md) to `AGENTS.md`
	2. Configure your coding agent to use a separate read-only token (either via `gh auth login` or an environment variable):
	```bash
	# Option A: configure `gh` with a read-only token (preferred)
	echo "<your-read-only-token>" | gh auth login --hostname github.com --with-token
	#
	# Option B: session-scoped environment variable for tools that read GH_TOKEN/GITHUB_TOKEN directly
	export GH_TOKEN=<your-read-only-token> # or: export GITHUB_TOKEN=<your-read-only-token>

3. Add agent instructions in each target repository:

   • Claude Code: copy CLAUDE-example.md to CLAUDE.md
   • OpenAI Codex: copy AGENTS-example.md to AGENTS.md

   In these templates, references to GH_TOKEN mean the agent's read-only GitHub authentication context. You can provide this either by exporting GH_TOKEN/GITHUB_TOKEN or by authenticating gh with gh auth login using the read-only token above.