compat handlers: add X-Registry-Auth header support

* Support the `X-Registry-Auth` http-request header.

 * The content of the header is a base64 encoded JSON payload which can
   either be a single auth config or a map of auth configs (user+pw or
   token) with the corresponding registries being the keys.  Vanilla
   Docker, projectatomic Docker and the bindings are transparantly
   supported.

 * Add a hidden `--registries-conf` flag.  Buildah exposes the same
   flag, mostly for testing purposes.

 * Do all credential parsing in the client (i.e., `cmd/podman`) pass
   the username and password in the backend instead of unparsed
   credentials.

 * Add a `pkg/auth` which handles most of the heavy lifting.

 * Go through the authentication-handling code of most commands, bindings
   and endpoints.  Migrate them to the new code and fix issues as seen.
   A final evaluation and more tests is still required *after* this
   change.

 * The manifest-push endpoint is missing certain parameters and should
   use the ABI function instead.  Adding auth-support isn't really
   possible without these parts working.

 * The container commands and endpoints (i.e., create and run) have not
   been changed yet.  The APIs don't yet account for the authfile.

 * Add authentication tests to `pkg/bindings`.

Fixes: #6384
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>

pkg/api/handlers/libpod/manifests.go

@@ -120,6 +120,10 @@ func ManifestRemove(w http.ResponseWriter, r *http.Request) {
 	utils.WriteResponse(w, http.StatusOK, handlers.IDResponse{ID: newID})
 }
 func ManifestPush(w http.ResponseWriter, r *http.Request) {
+	// FIXME: parameters are missing (tlsVerify, format).
+	// Also, we should use the ABI function to avoid duplicate code.
+	// Also, support for XRegistryAuth headers are missing.
+
 	runtime := r.Context().Value("runtime").(*libpod.Runtime)
 	decoder := r.Context().Value("decoder").(*schema.Decoder)
 	query := struct {