Add documentation for git-crypt encrypted .authinfo file

[Copilot]

The .authinfo file is encrypted with git-crypt but lacked documentation on how to decrypt it.

Changes:

• Added authinfo/README.md with git-crypt unlock instructions for macOS/Linux platforms
• Updated root README.md with "Encrypted Files" section linking to detailed documentation
• Documented .authinfo file format following the .netrc standard (netrc(5) manual page)
• Added security documentation explaining the encryption model when forking the repository

Key details:

• Requires git-crypt and appropriate GPG private key in keyring
• Unlock command: git-crypt unlock from repository root
• Status check: git-crypt status
• File format (decrypted): machine example.com login myuser password mypass (standard fields: machine, login, password)
• Forking: Users who fork can modify .gitattributes but cannot decrypt existing files without the original GPG private key

[!WARNING]

Original prompt

On .authinfo, can you decode this?

---

✨ Let Copilot coding agent set things up for you — coding agent works faster and does higher quality work when set up for your repo.

[eapolinario]

@copilot if someone forks this repo can they modify the list of encrypted files?

[Copilot]

@copilot if someone forks this repo can they modify the list of encrypted files?

Yes, someone who forks the repo can modify .gitattributes to change which files are encrypted. However, they cannot decrypt the existing .authinfo file without the original GPG private key. I've added documentation explaining the security model for forks in commit 6554196.

[eapolinario]

@copilot that format for the authinfo file is not correct, there's no port. Can you find the RFC that describes the format used in authinfo?

[Copilot]

@copilot that format for the authinfo file is not correct, there's no port. Can you find the RFC that describes the format used in authinfo?

Corrected in commit 4fa5eac. The format now follows the .netrc standard documented in the netrc(5) manual page, with machine, login, and password fields. The port field was removed as it's not part of the standard format (though some tools support it as an extension).

Warning

Firewall rules blocked me from connecting to one or more addresses (expand for details)

I tried to connect to the following addresses, but was blocked by firewall rules:

• www.gnu.org
  • Triggering command: /usr/bin/curl curl -s REDACTED (dns block)

If you need me to access, download, or install something from one of these locations, you can either:

• Configure Actions setup steps to set up my environment, which run before the firewall is enabled
• Add the appropriate URLs or hosts to the custom allowlist in this repository's Copilot coding agent settings (admins only)