refactor: use oras-credentials-go for credential management

[Wwwsylvia]

Resolves: #600
Resolves: #637

[codecov-commenter]

Codecov Report

Merging #654 (16be413) into main (5fdefed) will decrease coverage by 2.23%.
The diff coverage is 20.61%.

❗ Your organization is not using the GitHub App Integration. As a result you may experience degraded service beginning May 15th. Please install the Github App Integration for your organization. Read more.

@@            Coverage Diff             @@
##             main     #654      +/-   ##
==========================================
- Coverage   61.35%   59.13%   -2.23%     
==========================================
  Files          42       40       -2     
  Lines        2280     2183      -97     
==========================================
- Hits         1399     1291     -108     
- Misses        782      795      +13     
+ Partials       99       97       -2     

Impacted Files	Coverage Δ
cmd/notation/login.go	26.08% <0.00%> (-3.19%)	⬇️
cmd/notation/logout.go	50.00% <0.00%> (+5.88%)	⬆️
internal/auth/credentials.go	0.00% <0.00%> (ø)
cmd/notation/registry.go	61.95% <55.55%> (-5.97%)	⬇️
cmd/notation/common.go	100.00% <100.00%> (ø)

📣 We’re building smart automated test selection to slash your CI/CD build times. Learn more

[Wwwsylvia]

Behaviors of this PR

notation login

• If the provided credential is invalid or the connection to registry fails, throw an error
  

• If there is a credentials store configured in the notation config file

  • Save the credential into the configured credentials store

• If no credentials store is configured, or the notation config file does not exist

  • Use the platform-default credentials store, and set it back to the notation config file
  • If the platform-default credentials store is not installed
    • If the provided credential is identical with the existing credential, print:
      
    • If the provided credential is different with the saved one, throw an error
      

notation logout

• If there is a credentials store configured in the notation config file
  • Remove the credential of the registry
• If no credentials store is configured, or the notation config file does not exist
  • No operation

Other notation operations that require authentication

Look for the credentials in following order:

1. notation config file

• Configured credential helpers
• Configured credentials store
• Platform-default credentials store
• Plaintext credentials

2. Docker config file

• Configured credential helpers
• Configured credentials store
• Platform-default credentials store
• Plaintext credentials

Related links

• oras-credentials-go repository
• oras-credentials-go design discussion

[Wwwsylvia]

I'm still trying to understand this process. So, under what circumstances does Notation login/logout perform write operations (if any) on the Docker config file?

notation will never write to the Docker config file.
If no credentials store is configured, or the notation config file does not exist, notation will use the platform-default credentials store, and set the "credsStore" field back to the notation config file.

[Two-Hearts]

LGTM

[JeyJeyGao]

LGTM

[shizhMSFT]

LGTM with nit.

[JeyJeyGao]

LGTM

[Two-Hearts]

LGTM

[shizhMSFT]

LGTM

[priteshbandi]

LGTM

[JeyJeyGao]

LGTM

[Two-Hearts]

LGTM

[shizhMSFT]

LGTM