Add Authentication configuration option for all Registry endpoints.

[rohit-joy]

This is essentially to follow in the same lines as the integration with Keycloak that was done for service accounts and extend it to all endpoints including GET.

If this new environment variable AUTHENTICATION_REQUIRED is set to true, then Authentication is required to access even the GET endpoints by users or service accounts. Anonymous access will be forbidden.

In lieu of the OIDC auth, the legacy authorization token should be used when AUTHENTICATION_REQUIRED is true.

When AUTHENTICATION_REQUIRED is false, the behavior would be the same as it is today where anonymous access to GET endpoints are allowed.

If you have suggestions or concerns, please let me know.

[jeannekitchens]

@edgarf @arielr-lt @excelsior

Rohit estimates this taking a couple of hours. Can this be prioritized? Please address questions to @rohit-joy

[excelsior]

@jeannekitchens Sounds about right: The implementation itself shouldn't take more than that. We probably will need to updated the authomated tests, that's going to take a couple of hours, too.

@rohit-joy What about authorization? Should all the GET endpoints be accessible to all the authenticated users or some should be available only to the publishers?