Allow usernames in private registry urls

[PeterJCLaw]

Is there an existing issue for this?

• I have searched the existing issues

Feature description

In some configurations pip requires that an --extra-index-url contains a username (as described at pypa/pip#12543). Currently dependabot enforces the lack of a username in private registry urls and will insert the url without the username into requirements files, even if a version of the url (with the username) is already present.

The presence of the url without the username then breaks workflows which expect the username to be present.

For context my setup is:

• pip-compile, with --extra-index-url (containing a username) in the *.in files
• keyring with Google's plugin to access a Google Artifact Registry PyPI
• dependabot with a private registry config for the plain (i.e: no-username) index url

It would be great if one of the following were true:

• dependabot allowed usernames in private registry urls
  • in my case I actually want to then override that username with a different one for dependabot to actually use, so I'd want support for that too
• dependabot could be configured either with the url to insert or being told not to insert a url (i.e: trust that the url is already present)
• dependabot could automatically detect the presence of an equivalent url and not insert the different one into the generated requirements files

I'm also open to other ways to approach this if there's something around configuring dependabot that I've missed.