kpt
Support additional auth schemes to allow integration with other git providers
Porch currently only supports basic authentication against git repositories. We need to support additional auth schemes such as ssh keys and GCP service accounts to enable integration with other git providers.
We have a separate issue to support [Cloud Source Repositories] using workload identity.
FWIW, I use a personal access token with GitHub, and that works using the kubernetes.io/basic-auth secret, with the token as the password. Not sure about other git providers.
Adding note from #3440 and closing that as a duplicate:
When using Porch, I can register a repository with basic auth or workload identity. The basic auth can be used with GitHub personal access tokens. However, those tokens are highly privileged - so much so that for my testing I created a new, separate GitHub user.
Instead, if we can support ssh auth, then I should be able to use a deploy key, which is scoped to an individual repository.
Not a blocker at this time but will be needed as we move towards something that folks could use in prod.
Will this extend to kpt pkg get as well? Wasn't sure if I should open up a separate issue, but the desire is for kpt pkg get "ssh://[email protected]/organization/repo.git" to work. I would have expected this to work out of the box, but it seems like there is some special case logic for github.com URIs, and it doesn't currently accept [email protected]. See below:
https://github.com/GoogleContainerTools/kpt/blob/519b56cfb9f19a73d375a31d19213f1ab8c44326/internal/util/parse/parse.go#L149