Add additional catalog indexes for performance

[wagoodman]

This adds additional indexes for:

• basename
• basename globs
• file extension

These can be optionally leveraged for improved performance instead of using the standard search by glob against the filetree.

Preview of change in syft (today's behavior):

time go run ./cmd/syft ~/images/virt-manager.tar -vvv  
# ...
real	4m34.067s
user	5m49.291s
sys	0m6.189s

With the new indexes being leveraged:

time go run ./cmd/syft ~/images/virt-manager.tar -vvv
# ...
real	38.155s
user	43.73s
sys	12.88s

In order for the indexes to work with consideration to link resolution, the file.References returned from the file tree need to additionally have link resolution results for the leaf-case only. By leaf case, I mean this only surfaces links on the basenames of paths, not in parent (directory) paths. Surfacing ancestor link resolution can be done but is outside of the scope of this PR.

Why is this link resolution needed? With tree-based searches the results from the search are inherently in the tree. This is not the case with indexes --the indexes are across all trees (say all layer or squash trees). This means that the results from an index lookup needs to be filtered based on nodes that are in the tree. It is important during this step that file catalog entries have the same reference ID as what is fetched from the tree, otherwise it would be possible to return a result that was fetched from the catalog but is not in the tree. However, consider a search against an index that returns a symlink which resolves to a real file that is in the tree (so is a valid result)... without considering link resolution results from these cases would be dropped.

Specific changes:

• Splits the image.FileCatalog into two objects, where most of the index-specific implementation has been migrated to filetree.Index
• filetree.Filetree now returns file.Resolution to illustrate basename link resolution with multiple file.Resolution objects. These objects show the path that was requested and the file.Reference that resolved to.
• Deprecates multiple Image and Layer methods which names and functions made more sense with pervious implementations (and no longer with this one). This includes any FileContents*() and FileByMIMEType* methods.
• Removes tar-specific fields from file.Metadata and raises the file.Metadata object to be used more agnostically (e.g. from syft's directory resolver). Additionally this pivots the existing file.Type enumerations away from the standard lib tar package constants, swapping for new, tar-independent constants. A new type (int) is selected to ensure this is a breaking change from a type-system perspective and not a breaking change from a (subtle) value semantics perspecitive.
• Adds consistent set implementations for ID, path, and filenodes (which are leveraged more in this PR). This sets up for a generic implementation (which was removed from this PR for scope and go 1.19 generics bugs).
• Adds a new filetree.Searcher abstraction and concrete filetree.searchContext implementation for leveraging optional indexes when searching by glob, path, or MIME type.
• Adds a new glob parser to drive glob searching for the new filetree.searchContext, rewriting globs as needed to best match the available indexes from filetree.Index
• Introduces filetree.Reader, filetree.Writer and filetree.ReadWriter interfaces to better restrain operations on filetrees from Image and Layer objects.
• Adds a filetree.Builder to help construct both filetree.FileTrees and filetree.Indexes in a coordinated fashion.

[github-actions]

Benchmark Test Results

Benchmark results from the latest changes vs base branch

latest: Pulling from library/ubuntu
goos: linux
goarch: amd64
pkg: github.com/anchore/stereoscope/pkg/file
cpu: Intel(R) Xeon(R) Platinum 8272CL CPU @ 2.60GHz
docker: 
           │ ./.tmp/benchmark-42c7e84.txt │
           │            sec/op            │
TarIndex-2                   42.51µ ± ∞ ¹
¹ need >= 6 samples for confidence interval at level 0.95

           │ ./.tmp/benchmark-42c7e84.txt │
           │             B/op             │
TarIndex-2                  5.560Ki ± ∞ ¹
¹ need >= 6 samples for confidence interval at level 0.95

           │ ./.tmp/benchmark-42c7e84.txt │
           │          allocs/op           │
TarIndex-2                    93.00 ± ∞ ¹
¹ need >= 6 samples for confidence interval at level 0.95

pkg: github.com/anchore/stereoscope/test/integration
                                      │ ./.tmp/benchmark-42c7e84.txt │
                                      │            sec/op            │
SimpleImage_GetImage/docker-archive-2                   1.507m ± ∞ ¹
SimpleImage_GetImage/oci-archive-2                      1.293m ± ∞ ¹
SimpleImage_GetImage/oci-dir-2                          821.5µ ± ∞ ¹
geomean                                                 1.170m
¹ need >= 6 samples for confidence interval at level 0.95

                                      │ ./.tmp/benchmark-42c7e84.txt │
                                      │             B/op             │
SimpleImage_GetImage/docker-archive-2                  350.8Ki ± ∞ ¹
SimpleImage_GetImage/oci-archive-2                     632.6Ki ± ∞ ¹
SimpleImage_GetImage/oci-dir-2                         399.8Ki ± ∞ ¹
geomean                                                446.0Ki
¹ need >= 6 samples for confidence interval at level 0.95

                                      │ ./.tmp/benchmark-42c7e84.txt │
                                      │          allocs/op           │
SimpleImage_GetImage/docker-archive-2                   2.640k ± ∞ ¹
SimpleImage_GetImage/oci-archive-2                      1.550k ± ∞ ¹
SimpleImage_GetImage/oci-dir-2                          1.334k ± ∞ ¹
geomean                                                 1.761k
¹ need >= 6 samples for confidence interval at level 0.95

docker: Error response from daemon: Get "http://localhost/v2/": dial tcp [::1]:80: connect: connection refused.
                                                   │ ./.tmp/benchmark-42c7e84.txt │
                                                   │            sec/op            │
SimpleImage_FetchSquashedContents/docker-archive-2                   17.35µ ± ∞ ¹
¹ need >= 6 samples for confidence interval at level 0.95

                                                   │ ./.tmp/benchmark-42c7e84.txt │
                                                   │             B/op             │
SimpleImage_FetchSquashedContents/docker-archive-2                  2.648Ki ± ∞ ¹
¹ need >= 6 samples for confidence interval at level 0.95

                                                   │ ./.tmp/benchmark-42c7e84.txt │
                                                   │          allocs/op           │
SimpleImage_FetchSquashedContents/docker-archive-2                    21.00 ± ∞ ¹
¹ need >= 6 samples for confidence interval at level 0.95

[spiffcs]

Initial LGTM - I need to go back and double check the test file since it was the largest diff from this change. The tests run correctly locally and no diffs between local env and CI.

Do you want to wait for the syft PR that incorporates these changes before doing the final merge?

I can also test the syft integration if that's up for review

[spiffcs]

I know we're trying to move indexes away from Glob matching in this PR - Is this the best name here?

The function is written so that ** and / are not supported so I'm trying to think through what kinds of globs are matched then which improve the performance. Let me also check out the test for this since that might help in my review. I'l follow up with other comments as I go through this.

[wagoodman]

@spiffcs

Do you want to wait for the syft PR that incorporates these changes before doing the final merge?

Already done! anchore/syft#1510 (all PR checks passing, a lot of tests added)

I've added a lot of link resolution logic changes which warrants another review

[kzantow]

👍

[kzantow]

This is feeling like we could start to use generics

[wagoodman]

I already did, I ran into a 1.19 specific generics bug that causes it to fail under a specific circumstance. For that reason I reverted and went back to plain-ol'e copy paste. From the PR description:

Adds consistent set implementations for ID, path, and filenodes (which are leveraged more in this PR). This sets up for a generic implementation (which was removed from this PR for scope and go 1.19 generics bugs).

[wagoodman]

Also, this is the commit where I implemented the generic approach 033d3e4 ... one of the tests fails in go 1.19 but passes in 1.20

[kzantow]

A 3rd set that could benefit by generics, maybe

[wagoodman]

yup, also covered in #154 (comment) and hinted at in the code comment below https://github.com/anchore/stereoscope/pull/154/files/386c9452f15073e4f989565ef0b66d107e28b5f9#diff-4e1b6915f312bc282522573c59b7782b79f9c16c912d9ac35c3918da07502e9aR11

[kzantow]

nit: is underscore naming a standard thing in go?

[wagoodman]

probably more of a alex-ism, more from python really

[kzantow]

nit: could an assert.JSONEq work here? The output can be easier to read than the cmp.Diff

[wagoodman]

Since this is with struct instances and am not planning in testing the json representation of these I think something like cmp.Diff is the right tool here.

[spiffcs]

First pass done - I've got about 23 files left I've marked to go back through to figure out how they work.