Implement OAuth flow to authenticate differently for private registries

[MadJlzz]

What's the problem this feature will solve?
Authenticate to an OAuth2 server with pip for getting private packages from secured index.

Describe the solution you'd like
Whenever I am asking pip to get a package/packages, it should redirect me to the OAuth2 server I specified, either
from pip configuration file or through the command line with a special flag in order to authenticate and authorize the pip client to get ressources from a secured index.

To keep things standard, I think it should implement RFC6749 flow.

Alternative Solutions
We really want to keep using pip so I didn't search for an alternative tool.
I took a look at basic authentication but since it's not supported by the Google Cloud Platform, I cannot authenticate this way. (see additional context below)

Additional context
I developed a simple implementation of Simple Repository API (PEP 503) that is auto-indexing packages store within Google Cloud Storage.
We didn't wanted to deploy an overly complicated tool like Artifactory or Nexus for a company that is composed of only 10 people that's why we thought of a simpler solution by using GCS.

At the moment, we have a working solution that is using signed URL but it's not secure at all, meaning that anyone who gets the URL, can download the file.

Since you cannot authenticate to Google Cloud Platform with basic authentication but with OAuth2, this is why we are kindly asking for this new feature.

In case you'll be interested by this private repository backing Google Cloud Storage for storing packages, you can find the source code here.

Thanks a lot for the support!

[uranusjr]

https://github.com/psf/fundable-packaging-improvements/blob/master/FUNDABLES.md#architecture-to-support-alternative-authentication-methods-in-packaging-tools

[MadJlzz]

Related to #4475.

[pradyunsg]

Closing and bundling with #4475.