Some of the patches we do publish, require credentials to logon to the vendor website to download. Without the credentials, the download will not be available to the public.
In the context of your broader question, think of "Patch Manager" really as "Patch Packager".
It really is only a tool that takes specific vendor patches identified by the CA content team, and packages them into the Software Delivery library. It saves you the work of manual package creation.
Thus if there is a vendor not directly supported by our patch content-- as suggested, you can package manually in Software Delivery, like any other software.
And I don't mean to under-sell the work of our content team, on the patches/content we do support. In many cases the install script coming from CA that drives the patch installation my have special handling-- e.g. additional applicability detection for the patch, or non-zero exit code handling.
But in the broader sense, Patch Manager can be thought of as a "packaging" tool. It's still software delivery that sends it to the endpoint and drives the execution.