Support containers auth

[achilleas-k]

Currently we don't support using containers that require authorization.

For building, osbuild uses skopeo to pull a container and will implicitly read the auth file from the standard locations described in containers-auth.json(5). However, bootc-image-builder wont be able to resolve the container to generate the manifest unless we explicitly set the path to the auth file with resolver.AuthFilePath = path.

We should support (and document) a process for users to mount an auth file into the BIB container and read it during the resolve process.

This limitation can also be worked around with the local container store feature once that's finished (pull the container on the host while authed and then use the local store to build).

[ondrejbudai]

I agree that this should be solved with the local container store, not sure if we want to reimplement auth in bib...

[achilleas-k]

Yeah I think I wrote this before we knew exactly what we were going to do with local store. I'll consider this fixed once we get that.

[ondrejbudai]

We implementing pulling from the host's container storage, and this is the recommended of doing authenticated pulls (so bib doesn't need to reimplement auth itself). See https://github.com/osbuild/bootc-image-builder?tab=readme-ov-file#using-local-containers for docs.