Go-get: fix 401 error for unauthenticated requests

Contributes to https://gitlab.com/gitlab-org/gitlab/-/issues/493732

**Problem**

Self-managed instances that restricted password authentication for Git
over HTTP(S) started to receive 401 error code for `go-get=1` requests
from go toolchain.

The reason is a missing return for the case when request doesn't have
basic credentials.

It was introduced in
https://gitlab.com/gitlab-org/gitlab/-/merge_requests/161162.

**Solution**

Restore check for missing basic credentials and add a test case.

lib/gitlab/middleware/go.rb

@@ -130,6 +130,7 @@ def project_for_path(path_info)
       # can_read_project? checks if the request's credentials have read access to the project
       def can_read_project?(request, project)
         return true if project.public?
+        return false unless has_basic_credentials?(request)
         login, password = user_name_and_password(request)
         auth_result = Gitlab::Auth.find_for_git_client(login, password, project: project, request: request)

spec/lib/gitlab/middleware/go_spec.rb

@@ -60,6 +60,16 @@
                 it 'returns the 2-segment path' do
                   expect_response_with_path(go, enabled_protocol, project.full_path)
                 end
+
+                context 'when instance does not allow password authentication for Git over HTTP(S)' do
+                  before do
+                    stub_application_setting(password_authentication_enabled_for_git: false)
+                  end
+
+                  it 'returns the 2-segment path' do
+                    expect_response_with_path(go, enabled_protocol, project.full_path)
+                  end
+                end
               end
               context 'when authorization header is present but invalid' do