Set allow-unverified-downloads in initremote

[matrss]

This config setting is meant to protect against downloads from sources that can potentially be spoofed, e.g. private IP addresses which could be assigned to different machines on different networks. We know that this isn't the case for the CDS remote: the target for requests is always determined by the cdsapi package, which in turn talks to the CDS service and does TLS verification due to using HTTPS.

This means that we are unaffected by the security issue the setting is meant to protect against. So there is no need for a user of the CDS special remote to manually set the option in every repository, we might as well do it for them.

[codecov]

Codecov Report

Attention: Patch coverage is 66.66667% with 1 line in your changes missing coverage. Please review.

Project coverage is 89.26%. Comparing base (8653448) to head (4d3fe0e).
Report is 1 commits behind head on main.

Files	Patch %	Lines
src/datalad_cds/cds_remote.py	66.66%	1 Missing ⚠️

Additional details and impacted files

@@            Coverage Diff             @@
##             main      #19      +/-   ##
==========================================
- Coverage   89.79%   89.26%   -0.54%     
==========================================
  Files           5        5              
  Lines         147      149       +2     
==========================================
+ Hits          132      133       +1     
- Misses         15       16       +1     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.