feat: allow public retrievals

[alanshaw]

This PR enables the UCAN authorized retrieval client to allow retrievals from public buckets. That is, public URLs that when requested return the data but NOT an X-Agent-Message header.

[codecov]

Codecov Report

❌ Patch coverage is 90.00000% with 1 line in your changes missing coverage. Please review.

Files with missing lines	Patch %	Lines
transport/headercar/response/response.go	0.00%	1 Missing ⚠️

Files with missing lines	Coverage Δ
client/retrieval/connection.go	60.25% <100.00%> (+2.82%)	⬆️
transport/headercar/message/header.go	58.53% <ø> (ø)
transport/headercar/response/response.go	0.00% <0.00%> (ø)

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

[frrist]

Maybe call these unauthorized or unauthenticated?

[alanshaw]

Maybe call these unauthorized or unauthenticated?

Hmm, I almost did, but they're not unauthorized - they're allowed to request the data because it's public/open...and actually since it's using the retrieval client it is authorized - it even sends an authroized UCAN, which is unnecessary but the change here is for when you do not know that in advance.

I could get behind WithOpenRetrieval, but I think I prefer WithPublicRetrieval?

AI says:

Words for "not needing authorization" depend on context, but common terms include public, open, permissible, allowable, or unofficial.

[relves]

Curious what the timeline looks like for this to get merged and deployed to the Storacha endpoint?