Issue: Retrieving private Azure DevOps Artifacts NuGet Feed cause exception

[thrisikos-exida]

Hi there.

Firstly, I wanted to say this is a really useful library. I didn't see a bug template for this repository, so I just tried to include as much detail as possible.

Steps

1. Add a NuGet.config to repository
2. Add a private Azure DevOps Artifact NuGet Feed Package Source to the packageSources , e.g. <packageSources><add key="AzureDevOps" value="https://pkgs.dev.azure.com/.../nuget/v3/index.json" /></packageSources>
3. Add and reference a package from Azure DevOps Artifact NuGet Feed to a csproj
4. Run thirdlicense --project {project}

Observed
There is an unhandled exception with HTTP Status Code of 401 (Unauthorized).

Expectation
I believe Third License should either:

1. use cached NuGet credentials (or prompt for NuGet credentials from the user)
2. have a flag to ignore the failed source(s) (similar to the parameter --ignore-failed-sources in dotnet restore)

I have no experience with the NuGet SDK so I don't think I can do option 1, but I am more than happy to contribute a PR for option 2. If that would be okay?

---

Stack Trace

Unhandled exception: NuGet.Protocol.Core.Types.FatalProtocolException: Unable to load the service index for source https://pkgs.dev.azure.com/{redacted}/_packaging/{redacted}/nuget/v3/index.json.
 ---> System.Net.Http.HttpRequestException: Response status code does not indicate success: 401 (Unauthorized).
   at System.Net.Http.HttpResponseMessage.EnsureSuccessStatusCode()
   at NuGet.Protocol.HttpSource.<>c__DisplayClass15_0`1.<<GetAsync>b__0>d.MoveNext()
--- End of stack trace from previous location ---
   at NuGet.Common.ConcurrencyUtilities.ExecuteWithFileLockedAsync[T](String filePath, Func`2 action, CancellationToken token)
   at NuGet.Common.ConcurrencyUtilities.ExecuteWithFileLockedAsync[T](String filePath, Func`2 action, CancellationToken token)
   at NuGet.Protocol.HttpSource.GetAsync[T](HttpSourceCachedRequest request, Func`2 processAsync, ILogger log, CancellationToken token)
   at NuGet.Protocol.ServiceIndexResourceV3Provider.GetServiceIndexResourceV3(SourceRepository source, DateTime utcNow, ILogger log, CancellationToken token)
   --- End of inner exception stack trace ---
   at NuGet.Protocol.ServiceIndexResourceV3Provider.GetServiceIndexResourceV3(SourceRepository source, DateTime utcNow, ILogger log, CancellationToken token)
   at NuGet.Protocol.ServiceIndexResourceV3Provider.TryCreate(SourceRepository source, CancellationToken token)
   at NuGet.Protocol.Core.Types.SourceRepository.GetResourceAsync[T](CancellationToken token)
   at NuGet.Protocol.Core.Types.SourceRepository.GetResourceAsync[T]()
   at NuGet.Protocol.HttpFileSystemBasedFindPackageByIdResourceProvider.TryCreate(SourceRepository sourceRepository, CancellationToken token)
   at NuGet.Protocol.Core.Types.SourceRepository.GetResourceAsync[T](CancellationToken token)
   at NuGet.Protocol.Core.Types.SourceRepository.GetResourceAsync[T]()
   at ThirdLicense.NuGetProtocolInspector.AddRepositoryAsync(PackageSource source) in /home/runner/work/ThirdLicense/ThirdLicense/src/ThirdLicense/NuGetProtocolInspector.cs:line 130
   at ThirdLicense.NuGetProtocolInspector.AddDefaultEndpointsAsync() in /home/runner/work/ThirdLicense/ThirdLicense/src/ThirdLicense/NuGetProtocolInspector.cs:line 88
   at ThirdLicense.Program.Generate(String project, String endpoint, FileInfo output) in /home/runner/work/ThirdLicense/ThirdLicense/src/ThirdLicense/Program.cs:line 96
   at System.CommandLine.Invocation.AnonymousCommandHandler.InvokeAsync(InvocationContext context)
   at System.CommandLine.Invocation.InvocationPipeline.<>c__DisplayClass4_0.<<BuildInvocationChain>b__0>d.MoveNext()
--- End of stack trace from previous location ---
   at System.CommandLine.Builder.CommandLineBuilderExtensions.<>c__DisplayClass17_0.<<UseParseErrorReporting>b__0>d.MoveNext()
--- End of stack trace from previous location ---
   at System.CommandLine.Builder.CommandLineBuilderExtensions.<>c__DisplayClass12_0.<<UseHelp>b__0>d.MoveNext()
--- End of stack trace from previous location ---
   at System.CommandLine.Builder.CommandLineBuilderExtensions.<>c__DisplayClass22_0.<<UseVersionOption>b__0>d.MoveNext()
--- End of stack trace from previous location ---
   at System.CommandLine.Builder.CommandLineBuilderExtensions.<>c__DisplayClass19_0.<<UseTypoCorrections>b__0>d.MoveNext()
--- End of stack trace from previous location ---
   at System.CommandLine.Builder.CommandLineBuilderExtensions.<>c.<<UseSuggestDirective>b__18_0>d.MoveNext()
--- End of stack trace from previous location ---
   at System.CommandLine.Builder.CommandLineBuilderExtensions.<>c__DisplayClass16_0.<<UseParseDirective>b__0>d.MoveNext()
--- End of stack trace from previous location ---
   at System.CommandLine.Builder.CommandLineBuilderExtensions.<>c.<<RegisterWithDotnetSuggest>b__5_0>d.MoveNext()
--- End of stack trace from previous location ---
   at System.CommandLine.Builder.CommandLineBuilderExtensions.<>c__DisplayClass8_0.<<UseExceptionHandler>b__0>d.MoveNext()

[pleonex]

Thanks for the detailed report!

A flag like --ignore-failed-sources would be useful, so it can retrieve info from public feeds for now at least.

Regarding authentication, the NuGet docs explains how to authenticate... by code.
At this moment the tool can read package sources from nuget.config in the current directory or from a specific endpoint passed by CLI.

I would need to experiment with other options like finding and loading nuget.config from the user APPDATA that usually have the encrypted credentials or passing credentials via environment variables.