Enable unauthenticated generic package registry

GitLab has a setting that allows unauthenticated access to the package registry.

We want this because we back-up APE cosmo.zip binaries to the GitLab generic package registry. Pulling from the package registry will reduce bandwidth on the upstream.

However, as of writing, this instance of GitLab does not allow unauthenticated access to be toggled.

When we do get unauthenticated access we can add the generic package registry as the first URL to download from.

Currently, if we set the URL, it will spew 404 not found errors unless a token with at least read_api access is provided in .netrc.