implement review comment about anon/req token

from: oras-project#148 (comment)

> And if the basic auth is there, skip over asking for an anon token

as it stands, in case the basic auth are present,
these are exchanged for the request token.

Signed-off-by: tarilabs <matteo.mortari@gmail.com>

Author: tarilabs

.gitignore

@@ -7,3 +7,6 @@ env
 __pycache__
 .python-version
 .venv
+.vscode
+build
+dist

oras/auth/token.py

@@ -71,16 +71,18 @@ def authenticate_request(
 
         h = auth_utils.parse_auth_header(authHeaderRaw)
 
-        # First try to request an anonymous token
-        logger.debug("No Authorization, requesting anonymous token")
-        anon_token = self.request_anonymous_token(h)
-        if anon_token:
-            logger.debug("Successfully obtained anonymous token!")
-            self.token = anon_token
-            headers["Authorization"] = "Bearer %s" % self.token
-            return headers, True
-
-        # Next try for logged in token
+        # if no basic auth, try by request an anonymous token
+        if not hasattr(self, '_basic_auth'):
+            logger.debug("No Basic Auth found, requesting anonymous token")
+            anon_token = self.request_anonymous_token(h)
+            if anon_token:
+                logger.debug("Successfully obtained anonymous token!")
+                self.token = anon_token
+                headers["Authorization"] = "Bearer %s" % self.token
+                return headers, True
+
+        # try using auth token
+        logger.debug("requesting Auth Token")
         token = self.request_token(h)
         if token:
             self.token = token