Does not support fetching sparse index on an authenticated registry

[cpaika]

Describe the bug
I am running an internal Artifactory instance. My config.json has the flag auth-required: true defined in it, which has been merged as the standard in the last few months: https://rust-lang.github.io/rfcs/3139-cargo-alternative-registry-auth.html#guide-level-explanation

When this flag is enabled, the client should fetch the crate index sending an Authorization header.

Currently I'm getting a 403 attempting to use this library against an authenticated private registry because its fetching the index without setting Authorization.

To Reproduce
Steps to reproduce the behavior:
Setup private repository, with authenticated crate index access (may be difficult)
Attempt to publish or fetch a crate to the private registry
See the command fail

Expected behavior
The library should send an authorization header for the index fetches if auth-required is true in the config.json.

[Jake-Shadle]

I have a bunch of other stuff to work on so don't really have time to investigate this, if you come up with a simple (ie no dependencies preferably) method of retrieving an index's token then I'd accept a PR, but in the meantime you could use https://docs.rs/tame-index/latest/tame_index/index/sparse/struct.SparseIndex.html#method.make_remote_request to create the request and append the authentication token manually and then execute the request yourself.