This adds the ability to disable the use of the libgit2 credential callback which requests a username and password from the user, using an environment variable GIT_CREDENTIAL_CALLBACK=0. Possible use cases for this are:

• Limiting access to remote repositories that do not need authentication.
• Downstream projects which implement their own authentication, perhaps via a CORS proxy or some other interception of the remote https request.

I considered a number of other possible environment variables:

• GIT_DISABLE_CREDENTIALS=1
• GIT_DISABLE_CREDENTIAL_CALLBACK=1
• GIT_NO_CREDENTIAL_CALLBACK=1

and in the end I have opted for what I think is the least bad option. I could easily be persuaded to use a different one.

If you disable the callback then a request that requires authentication will fail with the following error message:

error: remote authentication required but no callback set