It seems that the GIT-Publisher does not use those credentials that are set for the repo.
Checkout/Clone at the beginning of a job works fine and uses the set credentials.
As soon as I want the job to push a tag with GIT-Publisher, it fails since it does not use those credentials.
This issue, together with
JENKINS-21110 renders the GIT-Publisher rather unusable.