Allow oci_push to use plain HTTP for a specific host. #57

Closed
@abayer abayer commented Nov 14, 2023

Right now, we can only push to HTTPS, which is creating some problems for a project I'm working on where we'd really like to push to a local registry container. We can in theory add a self-signed cert to that registry container, but the hoops you have to jump through to make that work on Docker Desktop for Mac are considerable and definitely require manual intervention, so it'd be really, really nice if we could instead optionally push to a `http` host.

This adds a new attribute to `oci_push`, `plain_http_host`, which is a string value for a Docker registry host, including port if needed. This is an optional attribute, defaulting to the empty string. It'll be passed to the `ocitool` call as `--plain-http-host="<value>"`, and onwards from there to `ResolverWithHeaders` and on to `credhelper.RegistryHostsFromDockerConfig`. If it's non-empty, the returned `docker.RegistryHosts` function will check if the `host` parameter matches `plainHTTPHost`, and if so, it'll change the `Scheme` for the host from `https` to `http`.

Signed-off-by: Andrew Bayer <[email protected]>
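
The host-scoped scheme override described above, as an added example that is not code from this pull request or the project. `RegistryHost`, `RegistryHosts`, `WithPlainHTTPHost` and `httpsOnly` are simplified stand-ins assumed for illustration, and the case-insensitive comparison is this example's choice; the point is that every host other than the one named keeps `https`.

```go
package main

import (
	"fmt"
	"strings"
)

// Local stand-ins for the resolver types named in the PR (assumed shape).
type RegistryHost struct{ Host, Scheme string }
type RegistryHosts func(host string) ([]RegistryHost, error)

// WithPlainHTTPHost downgrades only plainHTTPHost to http; "" changes nothing.
func WithPlainHTTPHost(base RegistryHosts, plainHTTPHost string) RegistryHosts {
	if plainHTTPHost == "" {
		return base
	}
	return func(host string) ([]RegistryHost, error) {
		hosts, err := base(host)
		// Match the whole host:port so "localhost:5000" does not also
		// unlock "localhost:5001" or another registry.
		if err != nil || !strings.EqualFold(host, plainHTTPHost) {
			return hosts, err
		}
		out := make([]RegistryHost, len(hosts))
		for i, h := range hosts {
			h.Scheme = "http"
			out[i] = h
		}
		return out, nil
	}
}

// httpsOnly is a constructed base resolver that always answers with https.
func httpsOnly(host string) ([]RegistryHost, error) {
	return []RegistryHost{{Host: host, Scheme: "https"}}, nil
}

func main() {
	hosts := WithPlainHTTPHost(httpsOnly, "localhost:5000")
	for _, h := range []string{"localhost:5000", "localhost:5001", "ghcr.io"} {
		r, _ := hosts(h)
		fmt.Printf("%-16s -> %s://%s\n", h, r[0].Scheme, r[0].Host)
	}
}
```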
@abayer abayer force-pushed the abayer/allow-plainhttp branch from ab652aa to 42cf3e5 Compare November 14, 2023 19:55
abayer commented Nov 15, 2023

Soooo this doesn't work in a bunch of ways, as it turns out. The next problem is that dockerRegPusher.Mount has a hardcoded https - I did manage to work around that by creating a new resolver in CopyContent to use for that Mount call with the original ref for the parent, rather than a relative one, but that's probably a bad idea in a few ways.

And even once that part "worked", I was still unable to actually push - I think that's because the parent image and its layers aren't in the registry I'm trying to push to. I think that oci_push doesn't actually work at all if the "parent" image (based on the org.opencontainers.image.base.name annotation on parent layers) isn't in the registry you're pushing to, regardless of http vs https etc. Maybe. In any case, I'm giving up on this. =)

@abayer abayer closed this Nov 15, 2023