Allow credentials to be retrieved from the environment

[pento]

So that the upload_patch task can be run programatically, it would be helpful if it could retrieve WordPress.org credentials from the environment.

To Test

In WordPress' package.json, set grunt-patch-wordpress to WordPress/grunt-patch-wordpress#add/credentials-from-environment, then run npm install.

Run:

export WPORG_USERNAME=matt
export WPORG_PASSWORD=MyPasswordIsVerySecure12345
grunt uploadPatch:40000

[aaronjorbin]

Related: #40, #37

https://www.npmjs.com/package/keytar seems like it might be a bit more secure than a plain text ENV variable.

If we do go this route though, I think it might make sense to not add the useEnv flag but instead to look for if the variables are set, and if they are set try to use them. Especially as we are trying to remove grunt as a dependency.

[kadamwhite]

I'm fine with either the approach here or the more secure option proposed by @aaronjorbin but, with apologies, the landing of a few other PR's have introduced merge conflicts either way. Sorry for dropping that on you @pento

[pento]

Huh, keytar is cute. I'm launching grunt upload_patch from a Node spawn() call though, so providing credentials via the ENV is simple, I don't know how well it'll play with system keychains.

I added the useEnv option to ensure it couldn't be used accidentally, but it's probably a reasonable assumption that the ENV variables will only be set if someone actually wants to use this behaviour.

[ntwb]

No objections on either method, I'm happy to go as-is for now and look to adding keytar in a future iteration 👍

[ntwb]

👍