One suggestion is to improve the permissions system. For example, third-party github plugins that interact with the github system (e.g., setting labels, responding to comments) require "write permissions" which gives those systems "push" access to the underlying repo. Simply separating the git repository access control from the github UI / issues / pull requests access control system would be very helpful. I'm sure there are many other examples of where the permissions system needs some finer-grained access.
Edit: Essentially the same as reported here: https://github.com/isaacs/github/issues/268