Update the way github authorization is handled, fixes #1632

Since api.github.com redirects to s3 for downloads and s3 does not like Authorization
headers, we have to rely on the access_token query param. Otherwise php follows redirects
but still sends the Authorization header to all following requests.

src/Composer/Util/RemoteFilesystem.php

@@ -101,6 +101,10 @@ class RemoteFilesystem
         $this->lastProgress = null;
 
         $options = $this->getOptionsForUrl($originUrl, $additionalOptions);
+        if (isset($options['github-token'])) {
+            $fileUrl .= (false === strpos($fileUrl, '?') ? '?' : '&') . 'access_token='.$options['github-token'];
+            unset($options['github-token']);
+        }
         $ctx = StreamContextFactory::getContext($options, array('notification' => array($this, 'callbackGet')));
 
         if ($this->progress) {
@@ -281,9 +285,13 @@ class RemoteFilesystem
 
         if ($this->io->hasAuthentication($originUrl)) {
             $auth = $this->io->getAuthentication($originUrl);
+            if ('github.com' === $originUrl && 'x-oauth-basic' === $auth['password']) {
+                $options['github-token'] = $auth['username'];
+            } else {
                 $authStr = base64_encode($auth['username'] . ':' . $auth['password']);
                 $headers[] = 'Authorization: Basic '.$authStr;
             }
+        }
 
         $options = array_replace_recursive($this->options, $additionalOptions);