- Introduced `--registry-ca` and `--registry-ca-validate` flags for configuring TLS verification with private registries.
- Implemented in-memory token caching with expiration handling.
- Updated documentation to reflect new CLI options and usage examples.
- Added tests for token cache concurrency and expiry behavior.
Log based on registry known-poor support of HEAD in checking container
manifest.
Some private registries do not support HEAD (E.G. GitLab Container Registry).
With the current config, this log message is causing a notification to be
sent for each container hosted in a registry lacking HEAD support.
log.Debug or log.Warning for failed HTTP HEAD-check based on registry hostname
where HEAD-check is known to fail.
For Docker Hub, a failed HEAD leading to a "regular pull" may count against a
user's call-quota whereas other registry implementations do not support HEAD,
or whose container manifest may be in a different location.
