Feature request: fine-grained control for Autofill HTTP Basic Auth

[jsachs]

Related to #259

We've hard disabled Autofill HTTP Basic Auth within our organization because of the scary things that can happen when credentials are silently submitted to Basic Auth. However, we have a few users with workflows that are dramatically improved by using HTTP Basic Auth. We'd like them to be able to use this feature on these workflows that we've already vetted. It feels like a good way to support this would be adding an option to allow only specific entries to use HTTP Basic Auth autofill.

We can see this working one of two ways, so this issue might also belong in the keepassxc repo. There could be a browser option that requires you to confirm an entry being used for HTTP autofill the first time it is used. There could also be an implementation of this where indivitual entries have a checkbox or support a metadata entry than indicates to the browser that this specific entry is allowed to be used for autofill.

[varjolintu]

It could be done. This is also related: #273.

[varjolintu]

This will be fixes with the referenced PR (and keepassxreboot/keepassxc#2542). When credentials are retrieved and allowance checked from HTTP Basic Auth dialogs, those permissions will be handled separetely. Denying access in Basic Auth will not affect to the permissions on the actual site.

When combined with keepassxreboot/keepassxc#2143 the behaviour is extended even further.

[varjolintu]

The behaviour of the related PR will be changed so the confirmation popup for HTTP Basic Auth will trigger every time instead of saving separate permissions. It's more simple approach, and it's possible to deny those entries from other pages.