(#3566) Ensure package download from authed source

Update the Credential lookup logic to account for the scenario where
NuGet has forgotten the credentials for the source between determining
the download Uri and trying to download from it. In this instance the
target Uri is a superstring of the source Uri (that is for a source of
`https://repo/repository/my-repository/`, the download might be
`https://repo/repository/my-repository/my-package/1.1.1`). This would
not match the credential lookup, but it should use the configured
credential.

src/chocolatey/infrastructure.app/nuget/ChocolateyNugetCredentialProvider.cs

@@ -111,7 +111,10 @@ public ICredentials GetCredentials(Uri uri, IWebProxy proxy, CredentialType cred
                     .Where(s => !string.IsNullOrWhiteSpace(s.Username)
                         && !string.IsNullOrWhiteSpace(s.EncryptedPassword)
                         && Uri.TryCreate(s.Key.TrimEnd('/'), UriKind.Absolute, out var trimmedSourceUri)
-                        && Uri.Compare(trimmedSourceUri, trimmedTargetUri, UriComponents.HttpRequestUrl, UriFormat.Unescaped, StringComparison.OrdinalIgnoreCase) == 0)
+                        && (Uri.Compare(trimmedSourceUri, trimmedTargetUri, UriComponents.HttpRequestUrl, UriFormat.Unescaped, StringComparison.OrdinalIgnoreCase) == 0
+                            // If the target starts with a machine source, we're in a scenario where NuGet is now trying to download the package.
+                            // For whatever reason NuGet sometimes forgets the credentials between discovering the package and downloading the package.
+                            || trimmedTargetUri.ToString().StartsWith(trimmedSourceUri.ToString(), StringComparison.OrdinalIgnoreCase)))
                     .ToList();
 
                 if (candidateSources.Count == 1)