Mirrored from URL should not contain (hidden) username:keypass in the URL to prevent URL from not being clickable

When importing a git repository (at least via the CI/CD import) everything is nicely created and setup. The mirroring option is enabled and this is visible on the main project page. However if the import was done using certain credentials, the URL is stored with the username/password token not only in the CI/CD area, but it is also displayed as such on the main project page.

This has the effect that the link, while clickable, does not work due to scrambled username/password/token. For example:

https://:@github.com/project

is not a valid and clickable URL.

Instead, strip the username/password entirely from the URL on the 'mirrored from' header on the project page.