[feat] pull-through caching/proxying for images

[DerekTBrown]

Background

• Motivation: [feature request] Pulling images from remote registries #355

• In my "real" Kubernetes clusters, I use ECR as an image registry. Nodes are automatically authorized/configured to pull from ECR through a combination of IAM and containerd settings.

• I want my Tilt Kubernetes clusters to mirror "real" clusters as much as possible. I want to avoid making Tilt-specific modifications to Kubernetes manifests to make them work (see discussion in [feature request] Pulling images from remote registries #355).

• There currently isn't a way to achieve both of these goals simulaneously:

  • I could use some combination of docker pull && docker push or kind load, though this makes the Tilt configuration clunky.
  • I could provide imagePullSecrets, but this causes the Tilt configuration to deviate from the "real" configuration (and would require modifying hundreds of helm charts).

• Note: I think there are other, similar usecases for providing cluster authentication credentials. For example, a user might want to avoid Docker registry ratelimits by providing a user token.

What does this PR do?

• This PR adds the ability for a user to configure pull-through proxy/cache registries, which are attached to the kind cluster (possible in other cluster provisioners, but I have chosen this as a starting point).
• Authentication can be passed to the proxy via the username and password properties, or via a templated env var to password.