Allow providing arbitrary headers for fallback registry

[andrewheberle]

It would be great to be able to provide a list of HTTP headers to provide to a configured fallback registry, with my use case being having an on-premise/legacy registry that is used as a fallback for a newly deployed serverless registry on Cloudflare, but being able to lock this on-prem registry behind Cloudflare Access used service based auth.

So being able to specify a REGISTRIES_JSON similar to the following would be awesome:

[
    {
        "registry": "https://oldregistry/",
        "password_env": "REGISTRY_TOKEN",
        "username": "r2-registry",
        "headers_env": "HEADERS_ENV"
    }
]

With HEADERS_ENV being a secret with the following content:

{
    "Cf-Access-Client-Id": "service-auth-client-id",
    "Cf-Access-Client-Secret": "service-auth-secret"
}

Allowing non-sensitive headers to be provided by a headers key would be a good addition too if possible.