Allow fetching auth credentials from an envvar

When an environmental variable named "COMPOSER_AUTH" is set
as $USERNAME:$PASSWORD, it is automatically used for authentication
e.g. when fetching packages from Satis.

The envvar credentials are of lower priority than URL credentials.

Fixes #4285

src/Composer/Util/RemoteFilesystem.php

@@ -207,6 +207,16 @@ class RemoteFilesystem
         $this->retryAuthFailure = true;
         $this->lastHeaders = array();
 
+        // Use COMPOSER_AUTH environment variable if set
+        if (getenv('COMPOSER_AUTH')) {
+            $credentials = [];
+            preg_match('/(.+):(.+)/', getenv('COMPOSER_AUTH'), $credentials);
+
+            if (count($credentials) === 2) {
+                $this->io->setAuthentication($originUrl, $credentials[0], $credentials[1]);
+            }
+        }
+
         // capture username/password from URL if there is one
         if (preg_match('{^https?://(.+):(.+)@([^/]+)}i', $fileUrl, $match)) {
             $this->io->setAuthentication($originUrl, urldecode($match[1]), urldecode($match[2]));