Support dotnet nuget api-key option

Moaz Khalifa requested to merge 214674-Support-dotnet-nuget-api-key-option into master

What does this MR do and why?

Problem to solve:

Dotnet users should be able to use the NuGet package repository with the following command:

dotnet nuget push **/*.nupkg --source https://gitlab.com/api/v4/projects/1/packages/nuget/index.json --api-key PAT_TOKEN

Solution Details:

When executing

dotnet nuget push **/*.nupkg --source https://gitlab.com/api/v4/projects/1/packages/nuget/index.json --api-key PAT_TOKEN

the .NET client sends a GET request to the GitLab NuGet Service Index endpoint to find the upload endpoint in the service response. The problem is that it doesn't send the --api-key with the request. That would cause the request to be halted as unauthorized.

To solve this, we decided to make the Service Index endpoint public.

After the request to the Service Index is successful, the .NET client sends the package file to the upload endpoint with the --api-key. In this MR, we are adding the header API key as a new accepted way of authentication. This --api-key can be:

  • personal_access_token
  • deploy_token
  • job_token if the command is executed using CI/CD.

How to set up and validate locally

  1. Create a new project on your local instance or use an existing one.
  2. Ensure you have the NuGet CLI installed (see nuget docs for links to installation pages).
  3. In a new directory, run nuget spec.
  4. Run nuget pack in the same directory; you should find a newly generated file named Package.1.0.0.nupkg.
  5. Push the package to your project:
     dotnet nuget push Package.1.0.0.nupkg --source http://gdk.test:3000/api/v4/projects/<project_id>/packages/nuget/index.json --api-key <PAT_TOKEN or deploy_token>
  6. The package should be published successfully.

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

Related to #214674 (closed)

Edited by Moaz Khalifa
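
The two-request flow described under "Solution Details", as an added sketch that is not GitLab's code and not part of this MR: a Rack-style handler with an unauthenticated Service Index and an upload route that accepts the key from the NuGet protocol's X-NuGet-ApiKey header. The routes are modelled on the URL in the description; the token values, the digest store and the helper names are constructed assumptions.

```ruby
require 'json'
require 'digest'
require 'openssl'

# Constructed sample credentials, kept only as SHA-256 digests (hypothetical store).
TOKENS = {
  personal_access_token: Digest::SHA256.hexdigest('pat-constructed-123'),
  deploy_token:          Digest::SHA256.hexdigest('deploy-constructed-456'),
  job_token:             Digest::SHA256.hexdigest('job-constructed-789')
}.freeze

# Returns the token type matching the presented key, or nil when none matches.
def token_type_for(api_key)
  return nil if api_key.nil? || api_key.empty?
  digest = Digest::SHA256.hexdigest(api_key)
  # Constant-time comparison of equal-length digests.
  TOKENS.find { |_type, stored| OpenSSL.fixed_length_secure_compare(stored, digest) }&.first
end

# Rack-style handler (hypothetical): env hash in, [status, headers, body] out.
def handle(env, project_id: 1)
  base = "/api/v4/projects/#{project_id}/packages/nuget"
  case [env['REQUEST_METHOD'], env['PATH_INFO']]
  when ['GET', "#{base}/index.json"]
    # Public: the client fetches this before it sends any credential, so the
    # response must carry resource locations only. '@id' is shortened to a
    # path here; a real service index uses absolute URLs.
    index = { version: '3.0.0',
              resources: [{ '@id' => base, '@type' => 'PackagePublish/2.0.0' }] }
    [200, { 'content-type' => 'application/json' }, [JSON.generate(index)]]
  when ['PUT', base]
    # --api-key arrives as the X-NuGet-ApiKey request header.
    type = token_type_for(env['HTTP_X_NUGET_APIKEY'])
    return [401, {}, ['unauthorized']] unless type
    [201, {}, ["accepted via #{type}"]]
  else
    [404, {}, ['not found']]
  end
end
```

Because the index route answers anyone, the check that matters in review is that it returns the same static resource list whether or not the project is visible to the caller, and that every other NuGet route still rejects a missing or unknown key.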