Update command-line interface for .netrc file handling

[mattt]

This PR updates how .netrc file handling behavior is configured in swift-package command and its subcommands.

Motivation:

When resolving dependencies through a registry (SE-0292), users will often need to authenticate with the configured server. Because .netrc files are the prescribed way to store and manage credentials, it makes sense for them to be read by default, rather than being opt-in behavior.

Modifications:

• Default / invert --netrc to true, such that users instead opt-out with --no-netrc
• Deprecate and hide the --netrc-optional flag, such that passing it is a no-op
• Add help messages for the --netrc flag and --netrc-file-path option

Result:

Before:

$ swift package
[...]
OPTIONS:
[...]
 --netrc
  --netrc-optional
  --netrc-file <netrc-file>

After:

$ swift package
[...]
OPTIONS:
[...]
  --netrc/--no-netrc      Load credentials from a .netrc file (default: true)
  --netrc-file <netrc-file>
                          Specify the .netrc file path. 

[mattt]

@swift-ci Please smoke test

[neonichu]

Isn't netrc optional the behavior we want? I don't think we should force every user to having to provide a netrc file.

[tomerd]

i think the semantics we want is:

1. if the user has a netrc file, we use it, unless they opt out with --disable-netrc (or similar flag)
2. if there is no netrc file, we dont fail, just continue to operate without auth.
3. in situations which require auth (don't think we have any yet), if no auth provider exists (netrc or otherwise), we emit a domain specific error at the call site

@neonichu @abertelrud @mattt does that match tour expectations?

[mattt]

@neonichu @tomerd Yes, that's what I was going for, but e824ef7 had the incorrect logic. 😓 The version in 85fa08a should be correct:

https://github.com/apple/swift-package-manager/blob/85fa08a36f214f51d9d5f915b0e322d3fb2806d0/Sources/Commands/SwiftTool.swift#L491-L502

To your third point: Yes — authentication errors should be emitted by the HTTP client responsible for downloading the binary artifact / source archive. Swift Package Manager can't know if credentials are needed or the provided ones are invalid until they connect to the remote server.

[tomerd]

couple of questions but semantics seems right me. @neonichu @abertelrud wdyt?

[mattt]

@swift-ci Please smoke test

[tomerd]

lgtm

[mattt]

@tomerd Following up on your thread with @natecook1000, I found a reasonable solution with the following properties:

• --enable-netrc and --disable-netrc flags with mutual exclusivity
• --netrc-file-path that emits an error when the path doesn't exist, and is mutually exclusive with --disable-netrc
• Hidden --netrc and --netrc-optional flags that emit warnings when specified

So the new command-line interface is:

USAGE: swift package <options> <subcommand>

OPTIONS:
...
  --enable-netrc/--disable-netrc
                          Load credentials from a .netrc file (default: true)
  --netrc-file <netrc-file>
                          Specify the .netrc file path. 

I also found a bug in the existing unit tests, where do / catch blocks were used instead of XCTAssertThrows, which don't fail when an expected error isn't thrown. Maybe something to audit across our test suite at some point.

[mattt]

@swift-ci Please smoke test

[tomerd]

this is great