Update guides to ensure proper perms (#5153)

update guides to ensure proper perms

docs/docs/run_minder_server/config_provider.md

@@ -38,6 +38,7 @@ Complete the following fields:
    - Callback URL: `http://localhost:8080/api/v1/auth/callback/github-app/app`
    - Add an additional Callback URL for Keycloak: `http://localhost:8081/realms/stacklok/broker/github/endpoint`
    - Select the checkbox for "Request user authorization (OAuth) during installation"
+
 ![Configuring the GitHub Provider](./images/provider-ident-and-auth.png)
 
 ### Webhook
@@ -55,7 +56,11 @@ Select the following permissions:
      - Webhooks (read and write)
      - Workflows (read and write)
 
+   - Account permissions:
+     - Email addresses (read only)
+
 Once completed, double check your selected numbers match the ones in the screenshot.
+
 ![Permissions](./images/provider-permissions.png)
 
 ### Installation and Scope
@@ -77,6 +82,7 @@ Save the Client secret value for use in the Configure Minder step.
 
 ### Generate a private key 
 Scroll down to the bottom of the page and generate a private key.
+
 ![Generate a private key](./images/provider-generate-private.png)
 
 This will generate and download your private key.
@@ -102,7 +108,9 @@ github-app:
 ```
 Update the `client_id` and `client_secret` values with the following:
 - Client ID : Found in the General -> About section of your GitHub App on GitHub.
+
 ![Client ID](./images/provider-client-id.png)
+
 - Client Secret : The value you saved previously. 
 
 ### Add Provider configuration
@@ -117,17 +125,20 @@ provider:
     private_key: ".secrets/github-app.pem"
 ```
 Update the `app_name` with the name of your app, which you can get by looking at the GitHub URL when editing your GitHub App. For example, if the URL is https://github.com/settings/apps/my-test-app, then your app name is my-test-app.
+
 ![App name](./images/provider-app-name.png)
 
 Update `app_id` with the app ID of your GitHub App, which is found in the General -> About section of your GitHub App on GitHub.
+
 ![App ID](./images/provider-app-id.png)
 
 Finally, you need the `user_id` value. To get the value, run the following command, where `<app-name>` is the App name you used above:
 
 ```bash
 curl https://api.github.com/users/<app-name>%5Bbot%5D
 ```
-Update the `user_id` value with the `id` value returned from that command. 
+Update the `user_id` value with the `id` value returned from that command.
+
 ![User ID](./images/provider-user-id.png)
 
 Now save the file. Your Provider is now created and the Minder server is configured to use it.

docs/docs/run_minder_server/run_the_server.md

@@ -73,6 +73,11 @@ you should see 4 new services running:
 - openfga
 - postgres
 
+At this point, you might also want to ensure that created folders are owned by the current user - e.g.:
+```bash
+sudo chown "$(id -un):$(id -gn)" {flags-config.yaml,.secrets,.ssh}
+```
+
 
 ### Configure Keycloak
 Now that the Keycloak application is running, you need to configure it using the GitHub App you previously configured. 
@@ -99,12 +104,15 @@ minder auth login
 ```
 
 This will open Keycloak login window in your browser.
+
 ![Keycloak Login](./images/keycloak-login.png)
 
 Click GitHub to sign in. This should display a GitHub authorization window asking if you'd like to give permission to your Minder server. 
+
 ![Github Auth](./images/github-auth.png)
 
 Click Authorize. The browser window should say Authentication Successful and the command line should say you've been successfully registered. 
+
 ![Successful Minder Auth](./images/successful-install.png)