You can select http/https using the special label __scheme__, and the URL path with __metrics_path__. Rewriting rules can be made conditional by matching on extra labels. (Rewrite rules can have a source with multiple labels. The values are joined together, by default with semicolon but you can choose something else. You then match a regex on the whole combined string)
Unfortunately, authentication can only be set at the scrape job level, and that will be your stumbling block.
You might think about writing a HTTP proxy for the scrapes, which takes parameters like target=http%3a%2f%2fx.x.x.x%2fmetrics&auth=secret1. "auth" could then be a key which looks up the credentials in a separate YAML file: e.g.
secret1:
basic_auth:
username: foo
password: bar
You'd use relabelling to send all the scrapes to the proxy, as you'd do with blackbox_exporter or snmp_exporter. The target and auth parameters can be set from labels in the file SD.