add private Git repository authentication for MCPRegistry

[ChrisJBurns]

Summary

Add support for authenticating with private Git repositories in the MCPRegistry CRD. This enables syncing registry data from private GitHub, GitLab, and Bitbucket repositories using HTTP Basic Auth.

Changes

CRD Updates

• Add GitAuthConfig type to MCPRegistry CRD with username and passwordSecretRef fields
• The passwordSecretRef requires both name and key fields (no defaults)

Registry Server Configuration

• Generate config for registry-server with git.auth.username and git.auth.passwordFile settings
• Mount password secrets at /secrets/{secretName}/ in the registry-api pod

Testing

• Add comprehensive unit tests for config generation and pod template
• Add integration tests for Git authentication scenarios (single and multiple auth secrets)
• Remove redundant tests that duplicated existing coverage

Documentation

• Update docs/arch/06-registry-system.md with Git authentication details
• Update docs/operator/crd-api.md with new CRD fields
• Update cmd/thv-operator/REGISTRY.md with usage examples
• Add new example: examples/operator/mcp-registries/mcpregistry-git-private.yaml

Usage Example

apiVersion: toolhive.stacklok.dev/v1alpha1
kind: MCPRegistry
metadata:
  name: private-registry
spec:
  registrySource:
    git:
      url: https://github.com/myorg/private-mcp-servers.git
      auth:
        username: git-user
        passwordSecretRef:
          name: git-credentials
          key: token

Test Plan

• Unit tests for config generation (config_test.go)
• Unit tests for pod template with git auth volumes (podtemplatespec_test.go)
• Unit tests for deployment creation (deployment_test.go)
• Integration tests for single and multiple auth secret scenarios

Related

This integrates with the private Git authentication support added in toolhive-registry-server.

Ref: stacklok/toolhive-registry-server#439

Large PR Justification

• Is largely tests and auto-generated code. Happy to split if folks want to though

[github-actions]

Large PR Detected

This PR exceeds 1000 lines of changes and requires justification before it can be reviewed.

How to unblock this PR:

Add a section to your PR description with the following format:

## Large PR Justification

[Explain why this PR must be large, such as:]
- Generated code that cannot be split
- Large refactoring that must be atomic
- Multiple related changes that would break if separated
- Migration or data transformation

Alternative:

Consider splitting this PR into smaller, focused changes (< 1000 lines each) for easier review and reduced risk.

See our Contributing Guidelines for more details.

---

This review will be automatically dismissed once you add the justification section.

[codecov]

Codecov Report

❌ Patch coverage is 91.83673% with 4 lines in your changes missing coverage. Please review.
✅ Project coverage is 65.61%. Comparing base (f16d0cc) to head (5bdd9c2).

Files with missing lines	Patch %	Lines
cmd/thv-operator/pkg/registryapi/config/config.go	81.81%	2 Missing and 2 partials ⚠️

Additional details and impacted files

@@           Coverage Diff           @@
##             main    #3577   +/-   ##
=======================================
  Coverage   65.61%   65.61%           
=======================================
  Files         407      407           
  Lines       40246    40295   +49     
=======================================
+ Hits        26407    26441   +34     
- Misses      11779    11792   +13     
- Partials     2060     2062    +2     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

Large PR justification has been provided. Thank you!

[github-actions]

✅ Large PR justification has been provided. The size review has been dismissed and this PR can now proceed with normal review.