Allow for configurable skopeo credentials during pulling of the ROCK base image.

[aznashwan]

What needs to get done

rockcraft.oci.Image class needs extending to add configurable credentials during the skopeo copy of the base image from Amazon ECR.

Will probably need adding the args as top-level rockcraft args themselves and transparently propagating the arguments down to the actual skopeo copy command using --src-creds as seen in man skopeo-copy.

Why it needs to get done

Although ECR is considerably more lenient than DockeHub in terms of data pull limits for unverified requests, it still has them, leading to errors like these:

024-07-29 11:06:56.991 Execute process: ['/snap/rockcraft/1783/bin/skopeo', '--insecure-policy', '--override-arch', 'amd64', 'copy', '--retry-times', '5', 'docker://public.ecr.aws/ubuntu/ubuntu:22.04', 'oci:/root/images/ubuntu:22.04'], kwargs={}
2024-07-29 11:10:30.466 Failed to copy image: Command '['/snap/rockcraft/1783/bin/skopeo', '--insecure-policy', '--override-arch', 'amd64', 'copy', '--retry-times', '5', 'docker://public.ecr.aws/ubuntu/ubuntu:22.04', 'oci:/root/images/ubuntu:22.04']' returned non-zero exit status 1. (time="2024-07-29T11:07:28Z" level=warning msg="Failed, retrying in 1s ... (1/5). Error: initializing source docker://public.ecr.aws/ubuntu/ubuntu:22.04: reading manifest 22.04 in public.ecr.aws/ubuntu/ubuntu: toomanyrequests: Data limit exceeded"

Depending on the project being rock'd, these limits can be quite the nuisance.

The canonical/harbor-rocks repo for example defines rocks for 10 components x 3 versions x 2 architectures = 60 whole images, and it's virtually guaranteed that 2-3 of the build workflows will fail.

[aznashwan]

Related in cause to #655 but functionally independent.