@wkl3nk
Contributor

@wkl3nk wkl3nk commented Nov 7, 2025

Introduce a 'pythonInspectorVerbose' flag in the PIP plugin configuration to enable more informative output from python-inspector. When set to true, it shows additional details such as dependency resolution steps, environment data, repository configuration, and used credentials. This helps diagnose repository access and configuration issues.

Please note that passwords are currently displayed in plain text in the output of python-inspector. Therefore, please activate this new switch with caution. A feature request to mask passwords in the output has already been submitted:
aboutcode-org/python-inspector#254

@wkl3nk wkl3nk requested a review from a team as a code owner November 7, 2025 10:11

codecov bot commented Nov 7, 2025

Codecov Report

❌ Patch coverage is 0% with 2 lines in your changes missing coverage. Please review.
✅ Project coverage is 57.41%. Comparing base (3fdc5f9) to head (195f52c).
⚠️ Report is 9 commits behind head on main.

Files with missing lines Patch % Lines
...rs/python/src/main/kotlin/utils/PythonInspector.kt 0.00% 2 Missing ⚠️
Additional details and impacted files
@@             Coverage Diff              @@
##               main   #11058      +/-   ##
============================================
- Coverage     57.42%   57.41%   -0.01%     
  Complexity     1703     1703              
============================================
  Files           346      346              
  Lines         12835    12837       +2     
  Branches       1215     1216       +1     
============================================
  Hits           7370     7370              
- Misses         4998     5000       +2     
  Partials        467      467              
Flag Coverage Δ
funTest-no-external-tools 31.19% <0.00%> (-0.01%) ⬇️
test-ubuntu-24.04 42.34% <0.00%> (-0.01%) ⬇️
test-windows-2025 42.32% <0.00%> (-0.01%) ⬇️

@sschuberth
Member

it shows [...] used credentials.

So, does it log passwords in plain text?

@wkl3nk
Contributor Author

wkl3nk commented Nov 7, 2025

So, does it log passwords in plain text?

Yes, currently it does.
In parallel, I have created a feature request in python-inspector to reduce the risk of password leaks: aboutcode-org/python-inspector#254

@sschuberth
Member

Yes, currently it does.

Then I think this should be made very clear in the comment for the introduced property. And the commit message should also refer to that and ideally contain the link to your newly created issue.

@wkl3nk wkl3nk force-pushed the wkl3nk/add-verbose-switch-to-pip-plugin branch from e547640 to e8ca63a Compare November 7, 2025 13:48

/**
* If "true", enables verbose logging in `python-inspector`.
*/
Member

Should the KDoc warn about the plaintext passwords being logged?

Contributor Author

Added a section in the commit message to be cautious when enabling this option, especially as long as python-inspector does no masking of the password.

Member

Please also add it to this code comment. It's too hidden in the commit message for such an important note.

* If "true", enables verbose logging in `python-inspector`.
*/
@OrtPluginOption(defaultValue = "false")
val verbose: Boolean
Member

Should we give this a Python inspector specific name?
(So, that we do not mix this up with Ort code verbosity)

maybe: pythonInspectorVerbose ?

Contributor Author

Yes, makes sense, added it.

@wkl3nk wkl3nk force-pushed the wkl3nk/add-verbose-switch-to-pip-plugin branch from e8ca63a to bb614ba Compare November 10, 2025 08:55
@wkl3nk wkl3nk changed the title feat(pip): Add 'verbose' option to enable detailed resolver output feat(pip): Add 'pythonInspectorVerbose' option to enable detailed resolver output Nov 10, 2025
Introduce a 'pythonInspectorVerbose' flag in the PIP plugin
configuration to enable more informative output from python-inspector.
When set to true, it shows additional details such as dependency
resolution steps, environment data, repository configuration,
and used credentials.
This helps diagnose repository access and configuration issues.

Please note that passwords are currently displayed in plain text
in the output of python-inspector.
Therefore, please activate this new switch with caution.
A feature request to mask passwords in the output
has already been submitted:
aboutcode-org/python-inspector#254

Signed-off-by: klw1imb <[email protected]>
@wkl3nk wkl3nk force-pushed the wkl3nk/add-verbose-switch-to-pip-plugin branch from bb614ba to 195f52c Compare November 10, 2025 09:17
Member

@MarcelBochtler MarcelBochtler left a comment

I explicitly disabled this flag in #10624.
Until this issue is fixed in the Python Inspector, I don't think that we should give ORT users the possibility to use the --verbose in any way.
I'm also not convinced that warning about this in a code comment or in the commit message is enough to handle this issue.
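
A minimal sketch of the output masking this thread asks for, added here as an illustration; it is not code from ORT or python-inspector. The format of python-inspector's verbose output is not shown on this page, so the URL-userinfo and key/value patterns, the key names and the sample lines are assumptions.

```python
import logging
import re

MASK = "*****"

# scheme://user:password@host or scheme://token@host (credentials in URL userinfo)
_URL_USERINFO = re.compile(
    r"(?P<scheme>\b[a-z][a-z0-9+.-]*://)(?P<user>[^\s/:@]*)(?::(?P<pw>[^\s/@]*))?@",
    re.IGNORECASE,
)
# password=..., "token": "...", PIP_PASSWORD=... (key names are assumptions)
_KEY_VALUE = re.compile(
    r"(?P<pre>(?:password|passwd|token)\b[\"']?\s*[=:]\s*[\"']?)[^\s\"',;]+",
    re.IGNORECASE,
)


def _mask_userinfo(m: re.Match) -> str:
    if m.group("pw") is not None:
        # Keep the user name for diagnosis, hide only the password.
        return f"{m.group('scheme')}{m.group('user')}:{MASK}@"
    # A lone userinfo component is often a token, so hide it entirely.
    return f"{m.group('scheme')}{MASK}@"


def redact(text: str) -> str:
    """Return text with URL userinfo secrets and key/value secrets masked."""
    text = _URL_USERINFO.sub(_mask_userinfo, text)
    return _KEY_VALUE.sub(lambda m: m.group("pre") + MASK, text)


class RedactingFilter(logging.Filter):
    """Redact the fully formatted message before any handler emits it."""

    def filter(self, record: logging.LogRecord) -> bool:
        record.msg = redact(record.getMessage())
        record.args = None
        return True


if __name__ == "__main__":
    # Constructed sample lines, not real python-inspector output.
    for line in (
        "index_urls: https://alice:s3cr3t@pypi.example.org/simple",
        "fetching https://pypi.example.org:8443/simple/requests/",
        'netrc entry: login=alice password="s3cr3t"',
    ):
        print(redact(line))
```

Attach `RedactingFilter` to the handler rather than only to a logger, since logger-level filters are not applied to records propagated from child loggers.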

@sschuberth
Member

I explicitly disabled this flag in #10624. Until this issue is fixed in the Python Inspector, I don't think that we should give ORT users the possibility to use the --verbose in any way.

So, how to proceed with this @MarcelBochtler, @wkl3nk? Should we close this PR for now?
