fix: strip credentials from git remote URLs in comfy node init

[bigcat88]

When a user has a personal access token or other credentials embedded in their git remote URL (e.g. https://token@github.com/user/repo.git), comfy node init writes that token into the generated pyproject.toml under Repository, Documentation, and Bug Tracker URLs. This is a security issue since the token can end up committed and pushed publicly.

This adds a small helper that strips credentials from the URL right after retrieving it from git, before it gets written anywhere. SSH URLs and clean HTTPS URLs pass through unchanged.

Fixes #342

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.

@@            Coverage Diff             @@
##             main     #376      +/-   ##
==========================================
+ Coverage   60.49%   62.47%   +1.98%     
==========================================
  Files          33       33              
  Lines        3678     3683       +5     
==========================================
+ Hits         2225     2301      +76     
+ Misses       1453     1382      -71     

Files with missing lines	Coverage Δ
comfy_cli/registry/config_parser.py	93.54% <100.00%> (+43.54%)	⬆️

... and 1 file with indirect coverage changes

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.