feat: add support for basic auth, insecure tls and headers

[ricardomaraschini]

Description

add suport for basic auth, insecure tls and headers to the download package. this PR is part of an adr implementation that i plan to introduce gradually.

Fixes # (issue)

Type of change

• Bug fix (non-breaking change which fixes an issue)
• New feature (non-breaking change which adds functionality)
• Breaking change (fix or feature that would cause existing functionality to not work as expected)
• Documentation update

How Has This Been Tested?

• Manual test
• Auto test added

Checklist:

• My code follows the style guidelines of this project
• My commit messages are signed-off
• I have performed a self-review of my own code
• I have commented my code, particularly in hard-to-understand areas
• I have made corresponding changes to the documentation
• My changes generate no new warnings
• I have added tests that prove my fix is effective or that my feature works
• New and existing unit tests pass locally with my changes
• Any dependent changes have been merged and published in downstream modules
• I have checked my code and corrected any misspellings

[twz123]

It was a deliberate decision not to use the default transport here, as it defines a bunch of timeouts that make configuration difficult. I think for this simple use case the staleness timeout is all that's needed.

The only thing that's probably good to set here is ProxyFromEnvironment. I'd even say setting this here should actually be backported.

[ricardomaraschini]

For the proxy issue I have opened #5064, once that is merged I can rebase this one and get rid of the Clone() call.

[ricardomaraschini]

Now that #5064 is merged I have rebased this to avoid cloning the default transport. Let me know what you think.

[github-actions]

This pull request has merge conflicts that need to be resolved.