
Enable SSH timeout to fallback to HTTP. #653

Open
tillig wants to merge 6 commits into microsoft:main from tillig:feature/fix-apm-install

tillig commented Apr 9, 2026

Description

Allow SSH to time out in the case of corporate VPN/firewalls that silently drop packets for port 22 so Git credential helpers and HTTPS can execute.

Fixes #652

Additional positive side effects:

  • Authentication: You are no longer forced to use a PAT to authenticate with Azure DevOps or GitHub Enterprise. The fallback makes it "just work."
  • GitHub Enterprise:
    • You no longer need to set GITHUB_HOST for working with internal GitHub Enterprise solutions. That also means...
    • If you have multiple internal GitHub Enterprise endpoints (we do!) you don't have to mess with switching this around.

I've verified both of these additional scenarios on our internal GHE instance. Things start to "just work."

Type of change

  • Bug fix
  • New feature
  • Documentation
  • Maintenance / refactor

Testing

  • Tested locally
  • All existing tests pass
  • Added tests for new functionality (if applicable)

Note: There is no .editorconfig in the repo and there is a mix/match of "trim trailing whitespace" and "leave trailing whitespace alone" in the code. When I made my updates, my editor was set to trim, so you'll see whitespace changes.

I'm happy to create a follow-up PR with an .editorconfig to help standardize formatting in the repo. Or, if the whitespace truncation appears to be "too much," I can roll those portions of the PR back.

Copilot AI (Contributor) left a comment

Pull request overview

This PR addresses installs hanging indefinitely when corporate networks silently drop SSH (port 22) by ensuring SSH clone attempts fail within a bounded time so the clone flow can fall back to HTTPS (enabling git credential helpers to work).

Changes:

  • Set GIT_SSH_COMMAND to include -o ConnectTimeout=30 (merging with any user-provided GIT_SSH_COMMAND) to prevent indefinite SSH hangs.
  • Add unit tests verifying the SSH connect timeout behavior and env propagation across locked-down vs relaxed git envs.
  • Document the SSH hang scenario and the GIT_SSH_COMMAND behavior in both user docs and the apm-guide skill.
| File | Description |
| --- | --- |
| src/apm_cli/deps/github_downloader.py | Adds GIT_SSH_COMMAND ConnectTimeout injection/merge to bound SSH connection time. |
| tests/unit/test_auth_scoping.py | Adds a regression test ensuring relaxed env still contains GIT_SSH_COMMAND. |
| tests/test_github_downloader.py | Adds tests for setting/merging/preserving GIT_SSH_COMMAND ConnectTimeout. |
| packages/apm-guide/.apm/skills/apm-usage/authentication.md | Documents SSH hang scenario and override behavior. |
| docs/src/content/docs/getting-started/authentication.md | Documents SSH hang scenario and override behavior. |

Copilot's findings

  • Files reviewed: 5/5 changed files
  • Comments generated: 1
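
The merge behavior summarized in the review above, sketched as an added example that is not part of the PR or the project's code: the function names `has_connect_timeout` and `with_connect_timeout` are hypothetical, and the rule that a user-supplied `ConnectTimeout` is kept unchanged is an assumption drawn from the "setting/merging/preserving" wording of the test description.

```python
import shlex

DEFAULT_CONNECT_TIMEOUT = 30  # seconds; the value named in this PR


def has_connect_timeout(ssh_command: str) -> bool:
    """Return True if the command already sets ssh's ConnectTimeout option.

    Handles '-o ConnectTimeout=N', '-oConnectTimeout=N' and
    '-o "ConnectTimeout N"'; ssh option keywords are case-insensitive.
    """
    try:
        tokens = shlex.split(ssh_command)
    except ValueError:
        # Unbalanced quotes: fall back to a conservative substring check.
        return "connecttimeout" in ssh_command.lower()
    for i, tok in enumerate(tokens):
        if tok == "-o" and i + 1 < len(tokens):
            option = tokens[i + 1]
        elif tok.startswith("-o") and len(tok) > 2:
            option = tok[2:]
        else:
            continue
        if option.strip().lower().startswith("connecttimeout"):
            return True
    return False


def with_connect_timeout(env: dict, timeout: int = DEFAULT_CONNECT_TIMEOUT) -> dict:
    """Return a copy of env whose GIT_SSH_COMMAND bounds the SSH connect phase.

    - unset or empty: use plain ssh with the timeout
    - set without ConnectTimeout: append the timeout to the user's command
    - set with ConnectTimeout: leave the user's value untouched
    """
    merged = dict(env)  # never mutate the caller's environment mapping
    current = merged.get("GIT_SSH_COMMAND", "").strip()
    if not current:
        merged["GIT_SSH_COMMAND"] = f"ssh -o ConnectTimeout={timeout}"
    elif not has_connect_timeout(current):
        merged["GIT_SSH_COMMAND"] = f"{current} -o ConnectTimeout={timeout}"
    return merged


if __name__ == "__main__":
    # Constructed sample environments, not taken from the PR.
    for sample in ({}, {"GIT_SSH_COMMAND": "ssh -i ~/.ssh/work_key"},
                   {"GIT_SSH_COMMAND": "ssh -oConnectTimeout=5"}):
        print(with_connect_timeout(sample)["GIT_SSH_COMMAND"])
```

Git gives `GIT_SSH_COMMAND` precedence over the `core.sshCommand` setting, so a caller that injects the variable also overrides an SSH command configured there.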

tillig and others added 2 commits April 9, 2026 13:43
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
sergio-sisternes-epam (Collaborator) left a comment

Excellent contribution — this is a real problem on corporate networks and the fix is clean and well-tested. The docs updates (both user-facing and skill guide) are a nice touch.

The whitespace changes inflate the diff but the core logic is surgical. No concerns there — an .editorconfig follow-up would be welcome to standardize going forward (we'll create a tracking issue for that).

One request before merge: please add a CHANGELOG entry under ## [Unreleased]:

### Fixed
- Fix `apm install` hanging indefinitely when corporate firewalls silently drop SSH packets by setting `GIT_SSH_COMMAND` with `ConnectTimeout=30` (#652)

Thanks for the thorough testing on your GHE instance — that kind of real-world verification is invaluable.

tillig (Author) commented Apr 10, 2026

Thanks! CHANGELOG entry added. Let me know if there's anything else I can do.


Development

Successfully merging this pull request may close these issues.

[BUG] Corporate networks blocking port 22 cause SSH clone attempt to hang
