[TEST] Add integration regression trap for *.ghe.com marketplace auth routing #1304

@edenfunf

Context

PR #1292 (closes #1285) fixed apm install resolving auth at github.com instead of the registered *.ghe.com host. The fix is covered by 9 unit tests at the resolver layer, but the end-to-end flow

apm install -> resolve_marketplace_plugin -> canonical -> DependencyReference.parse -> AuthResolver -> credential lookup

is not exercised by any test in tests/integration/. The PR review panel called this out as a secure-by-default + governed-by-policy test floor: the auth-routing contract for enterprise marketplaces is policy-load-bearing but not machine-verified end-to-end today.

What's missing

A new integration test under tests/integration/marketplace/test_ghe_marketplace_install_e2e.py that:

  • Uses a fixture GHE-style marketplace manifest (no real network call required)
  • Exercises the full install resolution pipeline including AuthResolver.resolve_for_dep
  • Asserts the credential context is bound to the registered enterprise host (not github.com)
  • Covers at minimum: relative source, dict github source with bare repo matching marketplace project, dict github source with host-qualified repo
  • Uses the marker-driven requires_* discovery pattern per CONTRIBUTING.md

Why not part of PR #1292

Fixture-backed integration tests require marker registration and would inflate the PR's scope substantially. The review panel agreed this is appropriately a follow-up rather than a merge blocker.
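A minimal model of the contract such a test would pin down, added here as an illustration and not taken from the issue or from apm's code base: `Marketplace`, `TrapCredentialStore`, `auth_host` and `run_trap` are hypothetical stand-ins for the real pipeline, and the host, repo names and tokens are constructed fixture values. The fake credential store records every host it is asked about, so a lookup against github.com for any of the three source shapes fails the check.

```python
# Added illustration: every name below is a hypothetical stand-in, not apm's API.
from dataclasses import dataclass, field

DEFAULT_HOST = "github.com"

@dataclass
class Marketplace:
    host: str     # registered enterprise host (a *.ghe.com tenant)
    project: str  # owner/repo of the marketplace repository itself

@dataclass
class TrapCredentialStore:
    """Fake credential store that records every host it is asked about."""
    tokens: dict
    lookups: list = field(default_factory=list)

    def token_for(self, host):
        self.lookups.append(host)
        return self.tokens.get(host)

def auth_host(mp, source):
    """Pick the host whose credentials a plugin source must use."""
    if isinstance(source, str):                 # relative path inside the marketplace repo
        return mp.host
    repo = source["repo"]
    first, _, rest = repo.partition("/")
    if "." in first and rest.count("/") == 1:   # host-qualified: host/owner/repo
        return first.lower()
    if repo.lower() == mp.project.lower():      # bare repo naming the marketplace project
        return mp.host
    return DEFAULT_HOST                         # assumption: any other bare repo is public GitHub

def run_trap():
    """Resolve each source shape and return (token, hosts looked up) per case."""
    mp = Marketplace(host="corp.ghe.com", project="acme/marketplace")  # constructed fixture
    cases = {
        "relative": "./plugins/linter",
        "bare_repo": {"source": "github", "repo": "acme/marketplace"},
        "host_qualified": {"source": "github", "repo": "corp.ghe.com/acme/linter"},
    }
    results = {}
    for name, source in cases.items():
        store = TrapCredentialStore({"corp.ghe.com": "GHE-TOKEN", "github.com": "PUBLIC-TOKEN"})
        results[name] = (store.token_for(auth_host(mp, source)), store.lookups)
    return results

if __name__ == "__main__":
    for name, (token, hosts) in run_trap().items():
        # A lookup against github.com here is the regression the issue wants trapped.
        assert hosts == ["corp.ghe.com"] and token == "GHE-TOKEN", (name, hosts)
    print("all source shapes bound to corp.ghe.com")
```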
