fix(plugin): restore private git install fallback

[rekram1-node]

Summary

Private Git plugin URLs go through Arborist and pacote. For GitHub repos, pacote resolves the commit SHA and tries a faster codeload.github.com tarball before falling back to git clone.

For private SSH-only repos, the codeload request is anonymous and returns 404. Pacote should recover by cloning over SSH, but pacote@21.5.0 identifies HTTP errors using the error constructor name:

if (er.constructor.name.match(/^Http/)) {
  return this.#clone(handler, false)
}

opencode release binaries are minified, which can rename that constructor. The fallback check then fails and plugin installation stops at the codeload 404.

This backports npm/pacote#481, which checks stable error properties instead:

if ((typeof er.statusCode === "number" && er.statusCode >= 400) ||
    /^TAR_/.test(er.code)) {
  return this.#clone(handler, false)
}

The initial anonymous codeload request still happens. This restores the intended Git clone fallback.

Verification

• reproduced the codeload 404 with a disposable private GitHub repo and a minified installer harness
• rebuilt the same harness with this patch and confirmed installation succeeds via SSH fallback
• ran bun install --frozen-lockfile