When scrubbing box urls of access token parameters, only return
the processed URL if the access token was removed. If it was not
removed, return the original URL string. This prevents issues with
local file URLs being parsed and replaced with invalid paths.
Fixes: #12340#12350#12320
Replace the `VAGRANT_ALLOW_PARAM_AUTH_TOKEN` environment variable
with `VAGRANT_SERVER_ACCESS_TOKEN_BY_URL` and update the behavior
when the environment variable is set to add the access token as
a query parameter and disable the addition of the authentication
header.
Fixes#12080
This sets the `authenticate_box_url` hook as deprecated and also
disables the cloud auth middleware from adding an access token
as a URL parameter by default. An environment variable has been
added which can be used for re-enabling the access token URL
parameter behavior if required for some legacy system which does
not support the authorization header.
Prior to this commit, the AddAuthentication hooks still existed in a
deprecated class LoginCommand. This commit fixes that by moving it over
to the vagrant cloud cli namespace instead.
