Support ImageFromDockerfile authenticated image pulls

[rnorth]

#2201 was intended to support authenticated pulls for images required by ImageFromDockerfile builds and Docker Compose. Unfortunately there was a bug in the ImageFromDockerfile implementation, which needs patching.

Sadly authenticated pulls are not easy to automatically test, so this was missed in manual testing.

This PR:

• Ensures that the required images are pulled once the list of images is actually populated
• Automatically disable's docker's built-in pull if this has been done, as it is not required and will fail if an authenticated image is involved
• Adds integration tests that pull images from a local private docker registry. This covers both building a Docker Image from dockerfile and also launching a compose project. The tests are intended to ensure that the authenticated pull code is actually used; unit tests cover the various permutations of looking up which images need to be pulled.

[bsideup]

@rnorth WDYT about writing a test for it? IIRC we already have an infrastructure for authenticated pulls

[rnorth]

@bsideup yeah, I really wanted to do that, and have done so now building upon our existing local private registry test.

[rnorth]

Deprecation duty.

[rnorth]

I wish we had text blocks!

I would have preferred to just point to a static file on disk, but unfortunately our dockerized private registry has a port number that can vary, and thus the image name changes.

Hence, constructing a tiny YAML file in a string seemed like a tolerable evil.

[bsideup]

We can, with https://github.com/bsideup/jabel ;)

[erohana]

hi @rnorth
the current solution doesn't support pulling base images with build args

for example
FROM my-company-ecr/openjdk:${jdk_version}
where jdk_version is a build arg, is there a solution for that ?