Deduplicate NuGet sources provided from NuGet.Config and .NET CLI arguments for tool install

[baronfel]

Is your feature request related to a problem? Please describe.

When a user has a NuGet.config with a source in it and also provides that same source URL from the commandline via the --add-source CLI option, our usage of the NuGet APIs treats that as 2 distinct sources. If that source requires authentication, then that authentication only applies to one of the sources (often the one from the NuGet.config). This leads to hard-to-diagnose failures when the duplicate source is used for the tool installation.

Describe the solution you'd like

Tool install (and possibly any other command that supports the --add-source semantic) should deduplicate the sources used for the install based on the URL.

[dsplaisted]

@nkolev92 @zivkan Any thoughts on this? A feed might be configured differently in NuGet.config than it would be with --add-source, so I'm not sure what the correct de-duping behavior would be.

[nkolev92]

Dedup and take the credentials from the config. Basically dedup and take the PackageSource created by the config APIs.

Some related code: https://github.com/NuGet/NuGet.Client/blob/e082545cbba30ec8dc9b759f2d9beea8aabc6215/src/NuGet.Core/NuGet.Commands/RestoreCommand/RequestFactory/RestoreArgs.cs#L169-L176

Some logic you might be able to follow in https://github.com/NuGet/NuGet.Client/blob/e082545cbba30ec8dc9b759f2d9beea8aabc6215/src/NuGet.Core/NuGet.CommandLine.XPlat/Commands/PackageReferenceCommands/ListPackage/ListPackageCommand.cs#L245-L265

which effecitvely calls: https://github.com/NuGet/NuGet.Client/blob/e082545cbba30ec8dc9b759f2d9beea8aabc6215/src/NuGet.Core/NuGet.Commands/Utility/PackageSourceProviderExtensions.cs#L15-L30, which handles both by name and url.

[baronfel]

@marcpopMSFT this one is ready to go, implemention-wise. We should talk scheduling at some point.