This supplements the available-packages list so that repositories may
rule themselves out of a given name (and thus not be probed with lazy
load requests) by regex, as well as by exact name match.
The use case is sizeable and varying supplemental Composer repositories
such as packages.drupal.org, which otherwise must either maintain a list
of over 10k package names in their root packages.json or accept lots of
lazy-load requests for unrelated packages that will 404.
* master:
Add tests for edge cases of packages providing names which exist as real packages
Add another test verifying that a package may provide an incompatible version of sth that actually exists
Fix provider coexistence test, needs another requirement to install both
Fix test filename to end with .test extension so it gets run
Update config section to note required scope for GitLab tokens
Fix pre/post-package-install/update/uninstall events receiving a partial list of operations, fixes#9079
Also remove credentials from cache dirs in git/svn drivers, fixes#7439, refs #9155
AuthHelper: Allow fall-through GitLab-specific HTTP headers for auth
Sanitize repo URLs to mask HTTP auth passwords from cache directory
Util/Zip: fix strpos args order
When a Composer repository is cached, a directory name is generated created stored package meta information fetched from that repository.
The cache directory can contain HTTP basic auth tokens, or access_token query parameters that end up in the directory name of the cache directory.
Discovered when trying out [GitLab composer repository feature](https://php.watch/articles/composer-gitlab-repositories), and the HTTP password was visible in a `composer update -vvv` command.
Using passwords/tokens in the URL is fundamentally a bad idea, but Composer already has `\Composer\Util\Url::sanitize()` that tries to mitigate such cases, and this same function is applied to the repo URL before deciding the name of the repo cache directory.
