[v11.0/forgejo] fix: use credentials helpers for git clones (#9069)

**Backport**: https://codeberg.org/forgejo/forgejo/pulls/9067

When performing a `git clone` that requires credentials, they are temporarily stored in files and used with [Git credential](https://git-scm.com/docs/gitcredentials/2.50.0#_requesting_credentials). They were previously included in the URL that were readable by a user with shell access to the host running the Forgejo instance when, for instance, they ask for the list of process (`ps`).

Co-authored-by: Gusted <postmaster@gusted.xyz>
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/9069
Reviewed-by: 0ko <0ko@noreply.codeberg.org>

tests/integration/git_helper_for_declarative_test.go

@@ -105,6 +105,8 @@ func doGitClone(dstLocalPath string, u *url.URL) func(*testing.T) {
 		exist, err := util.IsExist(filepath.Join(dstLocalPath, "README.md"))
 		require.NoError(t, err)
 		assert.True(t, exist)
+		// Set user:password
+		doGitSetRemoteURL(dstLocalPath, "origin", u)(t)
 	}
 }
 
@@ -117,6 +119,8 @@ func doPartialGitClone(dstLocalPath string, u *url.URL) func(*testing.T) {
 		exist, err := util.IsExist(filepath.Join(dstLocalPath, "README.md"))
 		require.NoError(t, err)
 		assert.True(t, exist)
+		// Set user:password
+		doGitSetRemoteURL(dstLocalPath, "origin", u)(t)
 	}
 }
 
@@ -162,6 +166,14 @@ func doGitAddRemote(dstPath, remoteName string, u *url.URL) func(*testing.T) {
 	}
 }
 
+func doGitSetRemoteURL(dstPath, remoteName string, u *url.URL) func(*testing.T) {
+	return func(t *testing.T) {
+		t.Helper()
+		_, _, err := git.NewCommand(git.DefaultContext, "remote", "set-url").AddDynamicArguments(remoteName, u.String()).RunStdString(&git.RunOpts{Dir: dstPath})
+		require.NoError(t, err)
+	}
+}
+
 func doGitPushTestRepository(dstPath string, args ...string) func(*testing.T) {
 	return func(t *testing.T) {
 		t.Helper()