Add support for OCI registries as indexes and package sources

[Clockwork-Muse]

What's the problem this feature will solve?

I have a number of private python packages built from source on GitHub, and I would like to host them inside the GitHub artifact/package registry (not an external one). Unfortunately, GitHub has made no apparent progress in implementing storage.

Describe the solution you'd like

Instead, if pip supported the OCI spec, packages could be stored in the GitHub artifact registry regardless (or any other compliant implementer). This is attractive for private packages, as it would remove the need to host a separate package registry. It would also make hosting a registry easier for third parties, as there is a standard registry image published by Docker for storage.

Note that there is already an implementing python library to interact with OCI registries, which may aid development.

Alternative Solutions

I'm aware of various ways to host your own python package index, and have access to some of them. Unfortunately, that still doesn't host it on GitHub.
I'm also aware of ways to reference git source control repos, but those break for the following reasons:

• They are source-only, which won't work/is prohibitive if the package needs native resources to be compiled into a wheel (especially if the referencing environment doesn't have those tools installed).
• They require that the git url match how the referencing repository was cloned (ssh vs https), or at least that git is configured locally with multiple ways to authenticate to the remote. This may not be practical in all cases.
  Using a direct reference to a package/wheel in a release may not be possible for some authentication scenarios.

Additional context

N/A

Code of Conduct

• I agree to follow the PSF Code of Conduct.