Language-specific packagers that source directly from VCS services, could easily accommodate the need to specify credentials for source repositories -- in the same way you need cloud-provider credentials to run cloud-provider command-line utilities. So that's not a problem.

For other packagers and OSes: packages don't happen out of thin air: someone has to write recipes and scripts, and test them. So that's already some revenue right there, especially from the big players. Companies like RedHat and Ubuntu could just cut a flat $10m check every year, distributed to projects proportionally in accordance with OS-provided stats like popularity-contest. That's the easy option. Ideally, you would also have some buy-in from the major OS distributions that could somehow "trickle down" the model to their own packages (say, linking a VCS repo to an OS package and reporting activity accordingly: "You asked to apt-get install Redis, but I've checked with a webservice and you have already downloaded it 2 times from Github.com today: time to pony up!". In most cases, this sort of link is already documented formally, somewhere in the package definition.)

Like newspaper paywalls, it doesn't need to be perfect; it just has to be enough hassle that most people who can afford to make the pain go away, will just do that.