[WIP] Login rework

[apostasie]

WORK IN PROGRESS

Fixed:

• fix Login to docker.io failed. (expected acArg to be "docker.io", got "registry-1.docker.io") #3245 (cc @lingdie ):
  • docker.io index.docker.io, with or without port 443, with or without scheme, will all be treated as meant for "docker hub" and use whatever credentials are associated with it
• fix Even when explicitly passing https, registry requests to localhost are downgraded to http  #3046:
  • we now allow passing explicit --insecure-registry=false (and treating it differently from "no flag"), which allows the user to override the default behavior for localhost (default behavior being to treat localhost as always insecure)
• fix hosts.toml file resolution does not seem to account for default port being ommitted #3047
  • existing "port-less" hosts.toml files are now considered and used when the registry being requested uses the default 443 port (or no port at all, which is considered equivalent)
• fix nerdctl login should warn about passing along an explicit scheme #3052
  • when an http scheme is explicitly used in front of the server url, we are now warning the user that the scheme is ignored entirely and that our behavior is governed by the use of the insecure flag (which is the current behavior)
• fix nerdctl login used against a basic auth server will error in confusing ways after hammering the server #3068
  • containerd remotes/docker/resolver should be fixed instead, but it was patchable here

Other changes:

• nerdctl now returns a user-agent string with version and OS
• removing IsErrHTTPResponseToHTTPSClient, as http.ErrSchemeMismatch is usable in place
• new errors

TODO:

• implement result of design discussion at [Design discussion] docker credentials and hosts.toml #3265
• cleanup logic in push / pull to use the new credentials / hosts resolver mechanisms
• add tests for TLS client auth
• add docs
• nerdctl pull from private registry mirror is missing Authorization header #2844

To be confirmed:

• Option --insecure-registry does not work with pull & push (no route to host) #299

Currently NOT addressed:

• Add harbor to our integration testing suite? #3257
• Cannot pull image from private repository after successful login #920
  • WFM - cannot produce
• nerdctl push interop issue with Harbor registry #1675

[apostasie]

@AkihiroSuda I am closing this as I am breaking it down and distilling it into smaller, separate PRs to ease review. Will keep the branch as long as there are things to merge, but otherwise there is no reason to keep this open.