pub fn enforce_trusted_remote_endpoint(
cfg: &LayeredConfig,
) -> Result<(), String>Expand description
Refuse to use ambient HTTP/S3 environment credentials with a repo-configured endpoint unless the user has explicitly trusted that exact remote in user-scoped config.
Retained as the back-compat entry point for the flat single-remote
remote_endpoint. New, per-endpoint callers (named remotes, the
shared transport-dispatch choke point) should use
endpoint_credential_trust, which is keyed on an explicit
repo_chosen provenance flag rather than re-deriving it from the
flat field.