Introduce a mechanism for plugging in external auth UI helpers

[mjcheetham]

At the moment GCM Core can shell out to external 'helper' applications that display authentication GUIs to capture input and notify the user of an OAuth flow. The name of the helpers are hard-coded, and the binaries must exist next to the main GCM Core binary on disk. This makes it hard to replace or add helpers not shipped in-box.

Proposal

1. Introduce a configurable 'search path' setting (environment variable?) that external helpers can plug in to let GCM Core discover them.
2. Add a setting to override the name of the UI helper for each host provider (e.g., credential.githubAuthHelper = gh-cl-helper)
3. 3rd party helpers can add themselves on the 'helper search path' and set the credential.*AuthHelper option

Issues

1. Malicious apps could insert themselves in the search path and capture/send-home input secrets. How can we verify or trust which application we're launching? Is this onus on the user?
2. Multiple helpers could start fighting over the order of the search path setting, which might be confusing/annoying for users. Do we need to take more control over this? git-credential-manager-core install-plugin <x>? Too complicated?

[mminns]

Perhaps rather than option 2, follow the pattern git credential.helpers already use.

If you just put the credential helper exe name then GCMC will only look in the install directory, e.g.

credential.githubAuthHelper = gh-cl-helper

If you put a full path the GCMC uses that

credential.githubAuthHelper = c:\blah\blah\gh-cl-helper.exe

This might simplify your issues as well since there is no 'search path' as such?