Retain passwords in Git URLs (#1717)

Fixes handling of GitHub PATs in HTTPS URLs, which were otherwise
dropped. We now support the following authentication schemes:

```
git+https://<user>:<token>/...
git+https://<token>/...
```

On Windows, the username is required. We can consider adding a
special-case for this in the future, but this just matches libgit2's
behavior.

I tested with fine-grained tokens, OAuth tokens, and "classic" tokens.
There's test coverage for fine-grained tokens in CI where we use a real
private repository and PAT. Yes, the PAT is committed to make this test
usable by anyone. It has read-only permissions to the single repository,
expires Feb 1 2025, and is in an isolated organization and GitHub
account.

Does not yet address SSH authentication.

Related:
- https://github.com/astral-sh/uv/issues/1514
- https://github.com/astral-sh/uv/issues/1452
Zanie Blue 2024-02-20 18:12:56 -06:00 committed by GitHub
parent 2e60c1d734
commit d07b587f3f
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
6 changed files with 161 additions and 5 deletions

@ -65,10 +65,15 @@ impl TryFrom<Url> for GitUrl {
// If the URL ends with a reference, like `https://git.example.com/MyProject.git@v1.0`,
// extract it.
let mut reference = GitReference::DefaultBranch;
if let Some((prefix, rev)) = url.as_str().rsplit_once('@') {
reference = GitReference::from_rev(rev);
url = Url::parse(prefix)?;
if let Some((prefix, suffix)) = url
.path()
.rsplit_once('@')
.map(|(prefix, suffix)| (prefix.to_string(), suffix.to_string()))
{
reference = GitReference::from_rev(&suffix);
url.set_path(&prefix);
}
let precise = if let GitReference::FullCommit(rev) = &reference {
Some(GitSha::from_str(rev)?)
} else {
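
Review bot: The comment above the new `url.path().rsplit_once('@')` block still reads "If the URL ends with a reference", but the split now looks only at the path, and that is what keeps an `@` in the userinfo (`<user>:<token>@host`) from being taken as the reference separator. Please say so in the comment so a later refactor does not go back to splitting `url.as_str()`. In the same block, a path that ends in a bare `@` yields an empty `suffix`, which is passed straight to `GitReference::from_rev(&suffix)` while `url.set_path(&prefix)` silently drops the `@`; consider skipping the branch or returning an error when `suffix.is_empty()`.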