[FEATURE REQUEST] Fetching a private repo in github using wit-deps update

[KingEluard]

I'm trying to include a private repository reference within my wit/deps.toml file. However, upon attempting to update the dependencies using the wit-deps update command, I consistently run into an error message stating "GET request failed (404) URL not found". This indicates that the system is unable to locate the specified URL. My guess was it is a private repository and the wit-deps command is not authenticated to access it.

To address this issue and improve functionality, I think it would be highly beneficial to introduce an authentication option for updating wit-deps. This would allow users to securely access and update dependencies from private repositories without encountering the aforementioned error.

[rvolosatovs]

Thank you for the report, indeed, wit-deps intentionally implements only the bare minimum of functionality to be useful, which was largely influenced by the lack of conventions and/or infrastructure at the time when it was developed.
Really, all it does is it fetches a tarball from a URL, unpacks it and computes a digest.

In order to support private git repositories, I think wit-deps would need to have "real" git support, which would also let us record a reproducible source of the artifact in the lock.

Private repositories would be supported by reusing the local git config, perhaps even simply shelling out to git binary for MVP.

Would you be interested in contributing to this feature?