Enable sending an authentication header when requesting a crate for download

[jrpascucci]

Describe the problem you are trying to solve
An artifactory private repositories behind a proxy. Cargo gets index fine, can't use git b/c multiple reasons, download doesn't send token.

Describe the solution you'd like
New config "[http] auth-for-download=true" (name suggestions welcome). If set, sets appropriate token to authentication header.

Notes
There was another issue related to this but my search-fu failed to find it, some of them got closed via the git-fetch-cli, but was unsatisfying to a few.

Outstanding questions:

• to send or not to send "Accept: application/json". Might need a second setting. "-headers", to give higher flexibility?
• Any guidance on whether to tie the setting to nightly or not to start off with? A glance, at the moment, is all the changes are completely blocked off by the one setting.

I have a meh implementation, but it's got a few things I'm not in love with. I will follow-up with a note on the subject. Working on a unit test now (don't really know how to validate it), and have to await permission from my corporate legal to submit an outgoing update.

The other thing I'm thinking of is that there probably should be separate proxy and net sections for different repos. :b...

[Eh2406]

I think, this will require more decisions than we can accept with just a Issue/PR. This will require an RFC. There is some discussions started at https://rust-lang.zulipchat.com/#narrow/stream/246057-t-cargo/topic/registry.20authentication and an older conversation at rust-lang/rfcs#2719

[arlosi]

I started a Pre-RFC here: https://internals.rust-lang.org/t/pre-rfc-cargo-alternative-registry-authentication/14794

[ehuss]

I'm going to close as a duplicate of #6843. It looks like ya'll are following up through the RFC and discussion, and this is definitely something that would be great to improve on.