So, in looking at SolrCLI, I don't see how
SOLR-8053 helps much. SolrCLI usually does not create requests but rather goes directly through the JSON API using routines such as getJson() and postJsonToSolr(). As I thought before, the right place to add basic auth seems to be in getHttpClient().
However, I do also see some places where for cloud tools, a CloudSolrClient is created. There, something else is needed.
Finally, I had somehow expected that getCommonToolOptions() would do just that, and I would be able there to add options. I see now that would be a mistake - the ExampleTool does not need an authentication option, because it will not be creating a cloud that uses security.json.
For now, I will make a start by making sure that CreateTool() works properly, with a manually added Option for that tool. I will therefore also be handling CreateCollectionTool(). Once that works, I'll have to slowly work forward to other tools, and I will need help to know that I've got all of them that need this option.
How the username and password are passed in is less important to me right now - I can iterate on that once I have a basic mechanism.