Exhaustively test authentication mechanisms for package manager APIs

Note: Adding this issue to track work for !76324 (closed), which is intended to take !50729 (closed) community contribution across the finish line 🏁.

Summary

Currently, most package manager APIs allow a far broader range of auth pathways than expected and documented. And this has mostly happened by accident.

The goal of this issue is to have a comprehensive set of specs that test most of the package manager APIs to find which authentication mechanisms are available for each package format, with special emphasis on available vs. officially supported.

This will also help catch any unintended modifications. And later, as each package manager API is updated to reduce the available auth mechanisms to a desired officially supported minimum (see &3807 (closed)), these specs can be updated, serving as proof that unnecessary doors are being removed.
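
A sketch of the kind of matrix check described above, added here as an illustration and not taken from the issue or from GitLab's spec suite. The format names, mechanism names, documented sets and probe responses are all constructed sample data; `sample_probe` is a hypothetical stand-in for a real authenticated request against a test instance.

```ruby
require 'set'

# Constructed sample data (assumption): mechanisms the docs list per format.
DOCUMENTED = {
  npm:   Set[:personal_access_token, :job_token],
  maven: Set[:personal_access_token, :deploy_token]
}.freeze

MECHANISMS = %i[personal_access_token job_token deploy_token basic_auth_password].freeze

# Constructed HTTP statuses standing in for real API responses.
SAMPLE_RESPONSES = {
  npm:   { personal_access_token: 200, job_token: 200, deploy_token: 200, basic_auth_password: 401 },
  maven: { personal_access_token: 200, job_token: 401, deploy_token: 200, basic_auth_password: 200 }
}.freeze

# Hypothetical probe: a real spec would send one request per credential type.
def sample_probe(format, mechanism)
  SAMPLE_RESPONSES.fetch(format).fetch(mechanism)
end

# Probe every format x mechanism pair and separate "available" from "supported".
def audit_auth_matrix(documented, mechanisms, probe)
  documented.each_with_object({}) do |(format, supported), report|
    available = mechanisms.select { |m| (200..299).cover?(probe.call(format, m)) }.to_set
    report[format] = {
      available: available,
      undocumented: available - supported, # accepted, but not officially supported
      broken: supported - available        # documented, but rejected
    }
  end
end

# Compare observed availability with a pinned snapshot so any change,
# intended (a door removed) or not (a door opened), fails the spec.
def drift(report, pinned)
  report.each_with_object({}) do |(format, row), out|
    expected = pinned.fetch(format, Set.new)
    next if row[:available] == expected

    out[format] = { added: row[:available] - expected, removed: expected - row[:available] }
  end
end

if __FILE__ == $PROGRAM_NAME
  audit_auth_matrix(DOCUMENTED, MECHANISMS, method(:sample_probe)).each do |format, row|
    puts "#{format}: undocumented=#{row[:undocumented].to_a} broken=#{row[:broken].to_a}"
  end
end
```

When a mechanism is deliberately removed, the pinned snapshot is updated in the same change, which is what turns the spec into a record of the reduction.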