I actually tried building it that way first. I made a tiny static site generator and had Apache enforce basic auth. Creating new users required ssh-ing to the server and modifying the account list. I didn't see that as an approach that would be accessible to less-technical people.

I know Netlify supports basic auth via a config file when you publish. Unsure of other hosts.