Allow download schemes to support but not require authentication

* If the current user is unauthenticated and the scheme requires
  authentication, don't list it.

* If the patch is not visible to anonymous users and the scheme
  does not support authentication, don't list it.

In particular, since https on googlesource.com supports but does not
require authentication, this should allow the https download links to
be shown again on private changes on that gerrit instance (like they
were before ea62148983).

Change-Id: Icf3177c0f90062df4d3264375a6a6035251b91cf

gerrit-extension-api/src/main/java/com/google/gerrit/extensions/config/DownloadScheme.java

@@ -29,6 +29,11 @@ public abstract class DownloadScheme {
   /** @return whether this scheme requires authentication */
   public abstract boolean isAuthRequired();
 
+  /** @return whether this scheme supports authentication */
+  public boolean isAuthSupported() {
+    return isAuthRequired();
+  }
+
   /** @return whether the download scheme is enabled */
   public abstract boolean isEnabled();
 }

gerrit-server/src/main/java/com/google/gerrit/server/change/ChangeJson.java

@@ -855,7 +855,7 @@ public class ChangeJson {
       }
 
       ChangeControl ctl = control(cd);
-      if (!scheme.isAuthRequired()
+      if (!scheme.isAuthSupported()
           && !ctl.forUser(anonymous).isPatchVisible(in, db.get())) {
         continue;
       }