Every package should use its own token. This allows you as the author of some package to only request access to API scopes that are actually needed, which in turn might make it easier for users to trust your package not to do unwanted things.
You have to tell
ghub-request on behalf of which package a request is
being made by passing the symbol
PACKAGE as the value of its
(ghub-request "GET" "/user" nil :auth 'PACKAGE)
Keep in mind that the users of your package will have to manually create a suitable token. To make that easier, you should not only link to this manual but also prominently mention the scopes the token needs; and explain what they are needed for.