Closes #62

The Artifact Registry, if configured, will scan containers on push to the registry. We're going to use this, along with a cloud function/ pubsub to push these scan results from the various (registered) projects to the Observatory's GCS (as seen in this tutorial. When there's a change to the Observatory GCS, (or rather whenever there is an addition if we're putting time limits on storage, and auto-removing), it will trigger another google pubsub to push results to Observatory's scanner which parses the payload into the form (checkPasses, metadata) and saves into the database via API.

Issues encountered at the moment:
We can easily get the vulnerability Artifact Registry occurrence summary for the project with

curl -X GET -H "Content-Type: application/json" -H \
    "Authorization: Bearer $(gcloud auth print-access-token)" \
    https://containeranalysis.googleapis.com/v1/projects/phx-01h1yptgmche7jcy01wzzpw2rf/occurrences:vulnerabilitySummary

Or just one image with:

gcloud artifacts docker images list --show-occurrences \
--occurrence-filter='kind="VULNERABILITY"' --format=json \
northamerica-northeast1-docker.pkg.dev/phx-01h1yptgmche7jcy01wzzpw2rf/hello-world-app2/hello-world-three

, but using cloud function, so using google grafeas API which seems to be less flexible, and would like to somehow include the container image name in the cloud function, or have a simple summary. (or maybe just the most recent tag as it pulls all occurrences over)

• Decide if going the security command centre or GCS route
• Configure GCS to be deleted after a set time period
• Get image name in cloud function
• configure second cloud function/ pubsub on GCS
• Process payload
• Since this is just push, include a pull route as well triggered by NATs event.