Fix: Properly propagate git authentication errors in fetch/import operations

[paipeline]

Fixes #10992

Problem

When git authentication fails during DVC fetch or import operations (e.g., with incorrect PAT tokens), authentication errors were being silently converted to generic SCM errors or not propagated at all. This caused DVC to report misleading messages like 'Everything is up to date' instead of the actual authentication failure.

Root Cause

1. In _pull() function: git.fetch() and fetch_all_exps() calls could raise AuthError but these weren't being caught and converted to DVC's GitAuthError
2. In clone() function: AuthError from git operations was being caught as generic InternalCloneError and converted to a generic CloneError('SCM error'), losing authentication context

Solution

• Enhanced _pull() function to catch AuthError from both git.fetch() and fetch_all_exps() calls and convert them to GitAuthError
• Updated clone() function to specifically catch AuthError before generic InternalCloneError and preserve authentication error details
• Added proper error chaining with from exc for better debugging and error traceability

Testing

• Added comprehensive test suite covering all authentication failure scenarios
• Tests verify that AuthError is properly converted to GitAuthError with correct error messages
• Tests cover both clone and pull operations, including experiment fetching

Impact

• Users will now receive clear, actionable error messages when authentication fails
• No more misleading 'Everything is up to date' messages when credentials are wrong
• Better developer experience with proper error context and troubleshooting links

This is a critical fix for production DVC workflows where authentication failures need to be clearly reported rather than silently ignored.

[CLAassistant]

Thank you for your submission! We really appreciate it. Like many open source projects, we ask that you sign our Contributor License Agreement before we can accept your contribution.

---

paipeline seems not to be a GitHub user. You need a GitHub account to be able to sign the CLA. If you have already a GitHub account, please add the email address used for this commit to your account.
_{You have signed the CLA already but the status is still pending? Let us recheck it.}

[codecov]

Codecov Report

❌ Patch coverage is 61.53846% with 5 lines in your changes missing coverage. Please review.
✅ Project coverage is 90.97%. Comparing base (2431ec6) to head (29c3864).
⚠️ Report is 192 commits behind head on main.

Files with missing lines	Patch %	Lines
dvc/repo/open_repo.py	60.00%	4 Missing ⚠️
dvc/scm.py	66.66%	1 Missing ⚠️

Additional details and impacted files

@@            Coverage Diff             @@
##             main   #10998      +/-   ##
==========================================
+ Coverage   90.68%   90.97%   +0.28%     
==========================================
  Files         504      505       +1     
  Lines       39795    41114    +1319     
  Branches     3141     3258     +117     
==========================================
+ Hits        36087    37402    +1315     
- Misses       3042     3074      +32     
+ Partials      666      638      -28     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.