Setting up a connected app that needs access to a gated public repo seems to require setting the scope of ‘read-repos’. However, this leads to a scary message for the user that the connected app will have access to all their gated AND private repos.
That is unnecessary for apps seeking only access to gated repos that the user has been granted. Access to private repos as well gives the user understandable pause and hurts the user’s experience of the connected app.