fix: _parse_artifactory_base_url() ignores PROXY_REGISTRY_URL — lockfile reinstall fails (#614)

[chkp-roniz]

Summary

Fixes #614.

• Fix A: _parse_artifactory_base_url() now reads PROXY_REGISTRY_URL first, falling back to ARTIFACTORY_BASE_URL with a DeprecationWarning — matching RegistryConfig.from_env() precedence.
• Fix B: Virtual subdirectory download path now checks dep_ref.is_artifactory() (Mode 1: explicit FQDN from lockfile) before falling through to the env var check (Mode 2). This matches the non-virtual path and the virtual file/collection paths.
• Migrates all tests to canonical PROXY_REGISTRY_* env vars; adds backward-compat tests for the deprecated aliases.

Root cause

_parse_artifactory_base_url() only read the deprecated ARTIFACTORY_BASE_URL env var. Users setting only PROXY_REGISTRY_URL (the canonical var from #401) could not reinstall virtual subdirectory packages from lockfile because:

1. The env var was never read, so no proxy was configured.
2. The virtual subdirectory path lacked a Mode 1 (explicit FQDN) check, so lockfile-restored host/prefix metadata was ignored.

Test plan

• 113 artifactory-specific tests pass (13 new)
• 3683 total unit tests pass
• E2E validated: PROXY_REGISTRY_URL + PROXY_REGISTRY_ONLY=1 fresh install and lockfile reinstall of virtual subdirectory package through real Artifactory proxy
• Security review: no SSRF, no credential leaks, no internal data in diff
• Backward compat: ARTIFACTORY_BASE_URL and ARTIFACTORY_ONLY still work with deprecation warnings

🤖 Generated with Claude Code

[Copilot]

Pull request overview

Fixes a lockfile reinstall failure for virtual subdirectory packages when users configure the registry proxy via the canonical PROXY_REGISTRY_* env vars, aligning Artifactory/proxy detection across code paths and adding regression tests.

Changes:

• Update _parse_artifactory_base_url() to prefer PROXY_REGISTRY_URL and fall back to ARTIFACTORY_BASE_URL with a DeprecationWarning.
• Ensure virtual subdirectory downloads honor lockfile-restored Artifactory metadata (dep_ref.is_artifactory()) before consulting env-driven proxy configuration.
• Migrate/extend unit tests to cover canonical env vars plus backward-compat behavior for deprecated aliases.

Reviewed changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated 3 comments.

File	Description
src/apm_cli/deps/github_downloader.py	Aligns proxy base URL parsing with canonical env var precedence and fixes virtual subdirectory Mode 1 (lockfile FQDN) routing.
tests/unit/test_artifactory_support.py	Updates existing tests to use canonical PROXY_REGISTRY_* vars and adds new regression tests for both fixes and deprecated-alias compatibility.

[chkp-roniz]

All three review comments addressed in 7ed9ca5:

1. Non-ASCII box-drawing chars → replaced ── with -- (plain ASCII).
2. Class rename → TestArtifactoryOnlyMode → TestProxyRegistryOnlyMode.
3. DRY delegation → _parse_artifactory_base_url() now delegates to RegistryConfig.from_env() directly, eliminating duplicated env-var parsing logic. Uses an uncached call (not self.registry_config) since this method must reflect the current env on each invocation.

All 3683 unit tests pass.