For the public crates registry at Crates.io, only commands that involve publishing crates,
yank perform and/or require authorization.
This poses a problem for a private crates registry, because under that model, it is possible to download the
.crate artifacts (source code) for any crate hosted at the registry server, without any authorization, so long
as the crate name and version are known or guessed.
Also, when performing
cargo check and other build commands that do not involve publishing crates,
cargo does not (currently) include an "Authorization" header, so there is no way for a private crate registry
server to determine whether the requester is authorized to perform the request.