[JENKINS-72268] Missing permission due to desync with cache (#256)

* [JENKINS-72268] Ensure "gh" is present

In case of impersonation the gh variable and the usersByTokenCache could be de-sync, leading to token not able to connect.

Could be related to JENKINS-72209 as well.

* Fix an exception when the authentication token is not exactly which is expected from the plugin

src/main/java/org/jenkinsci/plugins/GithubAuthenticationToken.java

@@ -504,6 +504,9 @@ private GHMyself loadMyself(@NonNull String token) throws IOException {
                 // Also stick into usersByIdCache (to have latest copy)
                 String username = ghMyself.getLogin();
                 usersByIdCache.put(username, new GithubUser(ghMyself));
+            } else {
+                // force creation of the gh variable, esp. in case of impersonation
+                getGitHub();
             }
         } catch (IOException e) {
             LOGGER.log(Level.INFO, e.getMessage(), e);

src/main/java/org/jenkinsci/plugins/GithubSecurityRealm.java

@@ -753,10 +753,15 @@ public int hashCode() {
     @Override
     public GroupDetails loadGroupByGroupname(String groupName)
             throws UsernameNotFoundException, DataAccessException {
-        GithubAuthenticationToken authToken =  (GithubAuthenticationToken) SecurityContextHolder.getContext().getAuthentication();
-
-        if(authToken == null)
+        Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
+        if (authentication == null) {
             throw new UsernameNotFoundException("No known group: " + groupName);
+        }
+        if (!(authentication instanceof GithubAuthenticationToken)) {
+            throw new UserMayOrMayNotExistException("The received token is not a GitHub one");
+        }
+
+        GithubAuthenticationToken authToken = (GithubAuthenticationToken) authentication;
 
         try {
             int idx = groupName.indexOf(GithubOAuthGroupDetails.ORG_TEAM_SEPARATOR);