fix(git): use URL-rewrite for token-authenticated clone

[WaliedA]

Problem

When git_token was supplied, the previous code used git -c http.extraHeader=Authorization: Basic <base64>. Git still ran its credential subsystem first and aborted with:

fatal: could not read Username for 'https://github.com': terminal prompts disabled

This broke any clone with a non-empty token, including public repos.

Fix

Replace the broken header approach with URL credential injection:

• GitHub / GitLab / others: https://oauth2:<token>@host/...
• Bitbucket: https://x-token-auth:<token>@bitbucket.org/...

After a successful clone the remote origin is immediately reset to the clean URL so the token is never in .git/config.

Security hardening

Change	Why
_validate_git_url() regex allowlist	Rejects URLs with shell metacharacters (command-injection guard)
_sanitize_token() on errors	Token never appears in messages returned to the client
URL passed as argv element, never shell string	No shell-interpolation risk
Token excluded from BasicProjectData (existing)	Not written to project.json

Acceptance tests

Test	Result
Anonymous clone of public repo	✅ ok: True
Public repo + bogus token (regression)	✅ ok: True (was failing before)
Invalid token → sanitized error	✅ ok: False, token redacted as ***
Command-injection URL rejected	✅ ok: False, validation error

All .git/config files confirmed token-free after clone.

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: ce38afa30e

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".