Configure registry-specific HTTP proxy in `registries.conf`

[cyqsimon]

Feature request description

In this network environment I got two private registries, both needing to be accessed through its specific HTTP proxy. It would be great if it's possible to configure this in /etc/containers/registries.conf, so that I do not need to set the specific proxy on CLI every time I wish to pull from one of them.

And in fact this is not just a matter of laziness. My actual use case involves a GitLab runner configured to use Podman as its container runtime. It needs to be able to pull images from those two private registries, as well as any other registry over the public internet. Currently this is very difficult to set up.

Suggest potential solution

Add a per-namespace setting proxy to registries.conf, similar to the per-repository setting proxy in dnf.conf. This proxy would only be used for interacting with this specific registry (does not get passed into any containers), and has the lowest priority (i.e. could be overridden by environment variables and/or CLI options and/or API parameters).

Have you considered any alternatives?

I have tried to use a reverse proxy to MITM the registries that require proxies, then configure the reverse proxy as a repository mirror. Unfortunately this leads to a host of issues regarding SNI and HTTP Host header, not to mention the intrinsic ballooning of complexity. It would be by far the easiest if Podman supports it natively.

Additional context

N/A

[Luap99]

Moving to container-libs as this would need to be implemented in the image lib.
cc @mtrmac