Add support for Basic Authentication to proxyingRegistry

[oliver-goetz]

This PR adds support for Basic Authentication to registry proxy.
Before it supported Bearer tokens only. However, basic auth was already almost implemented as there was already an appropriate AuthenticationHandler used to obtain Bearer tokens.

Fixes #3153

[oliver-goetz]

Could someone help me finding out why these CodeQL are triggered? I don't see it.

[Jamstah]

Looking at the codeql, you haven't introduced any new issues, the issue already exists in the repo. Because you're editing the code where the issue exists, codeql is flagging this pr.

Is there a reason you're renaming the struct? You might get away with it if you don't :)

[oliver-goetz]

Looking at the codeql, you haven't introduced any new issues, the issue already exists in the repo. Because you're editing the code where the issue exists, codeql is flagging this pr.

Is there a reason you're renaming the struct? You might get away with it if you don't :)

Good idea, let's see if it helps 😅

[oliver-goetz]

It is working, crazy 😄
The Github App just shows the wrong status 😞 It is not tested yet.

[ialidzhikov]

The Github App just shows the wrong status 😞 It is not tested yet.

@milosgajdos can you help retesting the above failing check?

Can you also help reviewing this PR? Thanks in advance!

[milosgajdos]

Yeah, I've no idea if these are legit or false positives. These warnings are about logging sensitive data -- I think we "hydrate" context with all kinds of garbage in this project, so I'd have to spend some time and trace/investigate these, but I'm short of time nowadays, so you'll have to wait unless one of 10+ other maintainers have more time

[Jamstah]

My guess here is that the app struct embeds the context instead of using it as a field, so the context/app are mingled. As app contains sensitive data, CodeQL assumes the context does too.

Having a look at breaking it into a field to see if it cleans up the codeql errors.

Edit: Nope, not that.