confidential-containers / documentation

Documentation for the confidential containers project
Apache License 2.0

quickstart: encryption with skopeo's `docker-daemon` protocol doesn't work #97

Closed wainersm closed 1 year ago

wainersm commented 1 year ago

The quickstart contains a section on how to create an encrypted image with the attestation-agent. It mentions the following command to encrypt the image:

sudo OCICRYPT_KEYPROVIDER_CONFIG=$(pwd)/attestation-agent/sample_keyprovider/src/enc_mods/offline_fs_kbs/ocicrypt.conf \
skopeo copy --insecure-policy docker-daemon:[REGISTRY_URL]:unencrypted \
docker-daemon:[REGISTRY_URL]:encrypted \
--encryption-key provider:attestation-agent:$(pwd)/keys.json:key_id1

However, I realized that skopeo will silently leave the image unencrypted if the target image URL uses the docker-daemon protocol. In my experiments I could only generate the image properly with docker or oci. With the former skopeo will push the image directly to an image registry, whereas the latter will create a local directory and you must use skopeo again to push it to the registry.

Cc @ryansavino @fitzthum
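Because skopeo gives no error in the case described above, the useful defensive step is to verify the result rather than trust the exit status. The following script is an added example, not code from the confidential-containers project or from the issue author: it inspects an image manifest (the output of `skopeo inspect --raw`) and reports any layer that is not encrypted. It relies on two facts about ocicrypt's output format: encrypted layers get a media type ending in `+encrypted`, and they carry `org.opencontainers.image.enc.*` annotations holding the wrapped keys. The two manifests embedded below are constructed samples; `check_image` assumes `skopeo` is on PATH and that the reference points at a single-platform manifest (an image index has no `layers` field and would be reported as having zero layers).

```python
"""Verify that every layer of an image manifest was actually encrypted by ocicrypt."""
import json
import subprocess
import sys

ENCRYPTED_SUFFIX = "+encrypted"                 # ocicrypt appends this to the layer media type
ENC_ANNOTATION_PREFIX = "org.opencontainers.image.enc."  # wrapped-key / pubopts annotations


def encryption_report(manifest_json: str) -> dict:
    """Parse a raw manifest and classify each layer as encrypted or plaintext."""
    manifest = json.loads(manifest_json)
    layers = manifest.get("layers", [])
    plaintext = []            # indices of layers whose media type is not +encrypted
    missing_annotations = []  # indices of +encrypted layers with no key annotations
    for idx, layer in enumerate(layers):
        media_type = layer.get("mediaType", "")
        annotations = layer.get("annotations") or {}
        if not media_type.endswith(ENCRYPTED_SUFFIX):
            plaintext.append(idx)
            continue
        if not any(k.startswith(ENC_ANNOTATION_PREFIX) for k in annotations):
            missing_annotations.append(idx)
    return {
        "layers": len(layers),
        "plaintext_layers": plaintext,
        "layers_missing_key_annotations": missing_annotations,
        # An empty layer list (e.g. an image index) is never treated as "all encrypted".
        "all_encrypted": bool(layers) and not plaintext and not missing_annotations,
    }


def check_image(image_ref: str) -> dict:
    """Fetch the raw manifest with skopeo (assumed on PATH) and report on it."""
    raw = subprocess.run(
        ["skopeo", "inspect", "--raw", image_ref],
        check=True, capture_output=True, text=True,
    ).stdout
    return encryption_report(raw)


# Constructed sample: what a properly encrypted two-layer image looks like.
SAMPLE_ENCRYPTED = json.dumps({
    "schemaVersion": 2,
    "mediaType": "application/vnd.oci.image.manifest.v1+json",
    "layers": [
        {
            "mediaType": "application/vnd.oci.image.layer.v1.tar+gzip+encrypted",
            "digest": "sha256:" + "11" * 32,
            "annotations": {
                "org.opencontainers.image.enc.keys.provider.attestation-agent": "constructed-wrapped-key",
                "org.opencontainers.image.enc.pubopts": "constructed-pubopts",
            },
        },
        {
            "mediaType": "application/vnd.oci.image.layer.v1.tar+gzip+encrypted",
            "digest": "sha256:" + "22" * 32,
            "annotations": {
                "org.opencontainers.image.enc.keys.provider.attestation-agent": "constructed-wrapped-key",
                "org.opencontainers.image.enc.pubopts": "constructed-pubopts",
            },
        },
    ],
})

# Constructed sample: the silent-failure case, layers copied through unchanged.
SAMPLE_PLAIN = json.dumps({
    "schemaVersion": 2,
    "mediaType": "application/vnd.oci.image.manifest.v1+json",
    "layers": [
        {"mediaType": "application/vnd.oci.image.layer.v1.tar+gzip", "digest": "sha256:" + "11" * 32},
        {"mediaType": "application/vnd.oci.image.layer.v1.tar+gzip", "digest": "sha256:" + "22" * 32},
    ],
})


if __name__ == "__main__":
    # Usage: python check_encrypted.py docker://registry.example/app:encrypted
    # Exits non-zero when any layer is plaintext, so it can gate a CI pipeline.
    report = check_image(sys.argv[1]) if len(sys.argv) > 1 else encryption_report(SAMPLE_PLAIN)
    print(json.dumps(report, indent=2))
    sys.exit(0 if report["all_encrypted"] else 1)
```

Run it against the destination reference right after the `skopeo copy` step; a non-zero exit means at least one layer reached the registry (or the local daemon) in plaintext, which is exactly the condition the issue describes and the one a push to a shared registry should be blocked on.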

fitzthum commented 1 year ago

Hm yeah I have never used the docker-daemon protocol. We should probably change it in the guide. Another silent failure from skopeo :(