Support artifacts upload from SBT

🔥 Problem

In #212854 (closed), we solve the issue of being able to pull artifacts from the Maven Repository with $ sbt.

During that time, we also looked into uploads.

The problem is that $ sbt uploads Maven artifacts (.jar files and friends) in a way that is not expected:

• no maven-metadata.xml file uploaded.
• snapshot versions will not follow the expected struct for filenames where a timestamp is used as a prefix. (example: com/example/hello_2.12/1.2.5-SNAPSHOT/hello_2.12-1.2.5-SNAPSHOT.jar vs gl/pru/foobar/5.0-SNAPSHOT/foobar-5.0-20230317.125446-1.jar)

🚒 Solution

• support basic auth for the Maven Repository upload endpoint
• update ::Packages::Maven::Metadata::SyncWorker so that maven packages without maven-metadata.xml are skipped.
• this part of the find or create package service needs an update as filenames for snapshots can have different structures.
  • verify that duplicates detection with classifier still works.

Workaround

One option to upload SBT artifacts is to use a deploy token with the write_package_registry scope. This supports basic auth and uploading will work.