At the moment we're too strict on token validation, and it can cause a lot of false positives (and is not very future-proof), e.g. if GitHub introduces a new token format we will reject a perfectly valid token.

Emitting a warning is fine if the token does not have the expected format, but we should continue.
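A sketch of the warn-and-continue behaviour proposed above, added as an illustration and not taken from the project's code. The function name `check_token` and the format patterns are assumptions; only input that could never be sent in an HTTP header is rejected outright.

```python
import logging
import re

log = logging.getLogger("token_check")

# Token shapes GitHub uses today (assumed patterns, deliberately loose on length).
KNOWN_FORMATS = {
    "classic": re.compile(r"[0-9a-f]{40}"),
    "prefixed": re.compile(r"gh[pousr]_[A-Za-z0-9]{36,}"),
    "fine-grained": re.compile(r"github_pat_[A-Za-z0-9_]{36,}"),
}

# Whitespace or control characters would corrupt the Authorization header,
# whatever format GitHub introduces, so this is the only hard failure.
_UNSENDABLE = re.compile(r"[\s\x00-\x1f\x7f]")


def check_token(raw):
    """Return (token, warnings); token is None only when it cannot be used at all.

    An unrecognised format produces a warning, not a rejection, so a future
    token format keeps working. Warnings never contain the token itself.
    """
    warnings = []
    token = (raw or "").strip()
    if token != (raw or ""):
        warnings.append("surrounding whitespace stripped from token")
    if not token:
        return None, warnings + ["token is empty"]
    if _UNSENDABLE.search(token):
        return None, warnings + ["token contains whitespace or control characters"]
    if not any(p.fullmatch(token) for p in KNOWN_FORMATS.values()):
        warnings.append(
            f"token (length {len(token)}) does not match a known GitHub format; continuing"
        )
    for message in warnings:
        log.warning(message)
    return token, warnings


if __name__ == "__main__":
    logging.basicConfig(level=logging.WARNING)
    # Constructed sample values, not real credentials.
    for sample in ["ghp_" + "a" * 36, "newfmt-" + "Z" * 50, "ghp_abc def", ""]:
        token, notes = check_token(sample)
        print("accepted" if token else "rejected", notes)
```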