Validate username for basic auth with PAT
What does this MR do and why?
Currently, a user can provide any username with a PAT and, for example, clone a repo. It has a minor security implication but let's fix it to be consistent: if we require a username it must match.
Closes: #212953