@pwaller’s explanation about client and daemon is correct.
Accepting netrc file paths in the daemon would be risky because it may expose arbitrary file existence and/or contents to non-root users. Accepting netrc contents (by value) would be an improvement, but not completely risk-free either, but probably worth the tradeoff.
Eelco has work in progress on this topic: Pluggable authentication by edolstra · Pull Request #9857 · NixOS/nix · GitHub