If you try to push version 1.23.2 of the nginxinc/nginx-unprivileged image to CF with cf push nginx-unprivileged --docker-image nginxinc/nginx-unprivileged:1.23.2, it works. Pushing the next version, 1.23.3, fails with the error:
...
2023-10-06T09:35:25.78+0200 [STG/0] OUT Staging process started ...
2023-10-06T09:35:26.71+0200 [STG/0] ERR Staging process failed: Exit trace for group:
2023-10-06T09:35:26.71+0200 [STG/0] ERR builder exited with error: failed to fetch metadata from [nginxinc/nginx-unprivileged] with tag [latest] and insecure registries [] due to unsupported schema version 2
2023-10-06T09:35:26.72+0200 [STG/0] OUT Exit status 2
...
Looking into the image manifest with docker manifest inspect --verbose nginxinc/nginx-unprivileged:1.23.3 shows that 1.23.3 is the first version where image attestation information is attached to the manifest. It looks like Diego can't deal with this. This is definitely an issue, because more and more images will start to carry such information.
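As an added example (not code from the issue or from diego-release), a small Python check that takes an OCI image index as a registry serves it, separates the attestation entries BuildKit attaches from the runnable image manifests, and picks the manifest a resolver should stage for a platform; the index below is constructed with placeholder digests, not the real nginxinc/nginx-unprivileged:1.23.3 index.

```python
import json

ATTESTATION = "attestation-manifest"  # value of the vnd.docker.reference.type annotation

# Constructed sample OCI image index with placeholder digests (not the real
# nginxinc/nginx-unprivileged:1.23.3 index): one runnable linux/amd64 image plus
# the attestation manifest BuildKit attaches next to it.
SAMPLE_INDEX = json.dumps({
    "schemaVersion": 2,
    "mediaType": "application/vnd.oci.image.index.v1+json",
    "manifests": [
        {"mediaType": "application/vnd.oci.image.manifest.v1+json",
         "digest": "sha256:" + "aa" * 32,
         "platform": {"architecture": "amd64", "os": "linux"}},
        {"mediaType": "application/vnd.oci.image.manifest.v1+json",
         "digest": "sha256:" + "bb" * 32,
         "platform": {"architecture": "unknown", "os": "unknown"},
         "annotations": {"vnd.docker.reference.digest": "sha256:" + "aa" * 32,
                         "vnd.docker.reference.type": ATTESTATION}},
    ],
})

def is_attestation(entry: dict) -> bool:
    """True for entries carrying provenance/SBOM data rather than a runnable image."""
    ann = entry.get("annotations") or {}
    plat = entry.get("platform") or {}
    return (ann.get("vnd.docker.reference.type") == ATTESTATION
            or (plat.get("os") == "unknown" and plat.get("architecture") == "unknown"))

def split_index(index_json: str):
    """Return (runnable image digests, attestation digests) found in an OCI index."""
    images, attestations = [], []
    for entry in json.loads(index_json).get("manifests", []):
        (attestations if is_attestation(entry) else images).append(entry["digest"])
    return images, attestations

def pick_image(index_json: str, os_name: str = "linux", arch: str = "amd64"):
    """Digest a resolver should stage for the platform, ignoring attestation entries."""
    for entry in json.loads(index_json).get("manifests", []):
        plat = entry.get("platform") or {}
        if (not is_attestation(entry) and plat.get("os") == os_name
                and plat.get("architecture") == arch):
            return entry["digest"]
    return None

if __name__ == "__main__":
    imgs, atts = split_index(SAMPLE_INDEX)
    print(f"runnable images: {imgs}\nattestation manifests (skip when staging): {atts}")
```

Running it against an index fetched for a tag tells you before a cf push whether the image carries attestation entries that a resolver has to skip rather than treat as a platform image.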
Diego repo
Describe alternatives you've considered (optional)
An alternative solution would be to produce docker images without build attestation information but the trend is to have more secure supply chains. That is why this isn't really an alternative.
Additional Text Output, Screenshots, or contextual information (optional)
Diego Slack channel discussion.