containers / image

Work with containers' images
Apache License 2.0
843 stars 365 forks

[release-5.29] Fix CVE-2024-3727 #2418

Closed mtrmac closed 1 month ago

mtrmac commented 1 month ago

Digest values used throughout this library were not always validated. That allowed attackers to trigger, when pulling untrusted images, unexpected authenticated registry accesses on behalf of a victim user.

In less common uses of this library (using other transports or not using the containers/image/v5/copy.Image API), an attacker could also trigger local path traversals or crashes.

This is a backport of #2404. Thanks to @dcermak for independently validating this work via #2415.
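The defect described above is a missing input check: a digest string taken from an untrusted manifest is used to build a local path and a registry request before anyone confirms it has the `algorithm:hex` shape. The following is an added illustration of that check, written for this page; it is not code from containers/image or from this PR. It validates with a stdlib regular expression rather than the project's digest library, and the function names `ValidateDigest`, `BlobPath` and `BlobURL`, the storage root and the registry host are all assumptions made for the example. The sample digests at the bottom are constructed.

```go
package main

import (
	"errors"
	"fmt"
	"net/url"
	"path/filepath"
	"regexp"
	"strings"
)

// ErrInvalidDigest is returned for any digest string that fails strict
// syntactic validation.
var ErrInvalidDigest = errors.New("invalid digest")

// digestRe accepts "<algorithm>:<lowercase hex>" and nothing else, so no
// slashes, dots, uppercase letters or separators can reach a path or URL.
var digestRe = regexp.MustCompile(`^([a-z0-9]+(?:[.+_-][a-z0-9]+)*):([0-9a-f]+)$`)

// hexLen is the exact encoded length each supported algorithm must have.
var hexLen = map[string]int{"sha256": 64, "sha384": 96, "sha512": 128}

// ValidateDigest (hypothetical helper) parses s and returns its algorithm and
// hex parts, or an error wrapping ErrInvalidDigest.
func ValidateDigest(s string) (algorithm, hex string, err error) {
	m := digestRe.FindStringSubmatch(s)
	if m == nil {
		return "", "", fmt.Errorf("%w: malformed %q", ErrInvalidDigest, s)
	}
	want, ok := hexLen[m[1]]
	if !ok {
		return "", "", fmt.Errorf("%w: unsupported algorithm %q", ErrInvalidDigest, m[1])
	}
	if len(m[2]) != want {
		return "", "", fmt.Errorf("%w: %s needs %d hex chars, got %d", ErrInvalidDigest, m[1], want, len(m[2]))
	}
	return m[1], m[2], nil
}

// BlobPath (hypothetical helper) maps a digest to a file below root. The
// digest is validated before it touches the path, so it cannot climb out of
// root; the prefix check afterwards is defence in depth.
func BlobPath(root, d string) (string, error) {
	alg, hex, err := ValidateDigest(d)
	if err != nil {
		return "", err
	}
	cleanRoot := filepath.Clean(root)
	p := filepath.Join(cleanRoot, "blobs", alg, hex)
	if !strings.HasPrefix(p, cleanRoot+string(filepath.Separator)) {
		return "", fmt.Errorf("%w: path escapes root", ErrInvalidDigest)
	}
	return p, nil
}

// BlobURL (hypothetical helper) builds the registry blob URL only from a
// validated digest, so a manifest cannot steer the client's authenticated
// request to an unexpected path on the registry.
func BlobURL(registry, repo, d string) (string, error) {
	if _, _, err := ValidateDigest(d); err != nil {
		return "", err
	}
	u := &url.URL{Scheme: "https", Host: registry, Path: "/v2/" + repo + "/blobs/" + d}
	return u.String(), nil
}

func main() {
	// Constructed sample inputs: one well-formed digest (sha256 of the empty
	// string) and three shapes a hostile manifest might carry.
	samples := []string{
		"sha256:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855",
		"sha256:../../../../etc/passwd",
		"sha256:e3b0c442",
		"md5:d41d8cd98f00b204e9800998ecf8427e",
	}
	for _, s := range samples {
		p, err := BlobPath("/var/lib/blobs", s)
		fmt.Printf("%q -> path=%q err=%v\n", s, p, err)
	}
}
```

The point of the design is ordering: every consumer (path construction, URL construction, later content verification) calls the same validator first and fails closed, so a digest that is not well-formed never reaches the filesystem or the network layer. The length table also rejects digests that are hex but too short, which would otherwise pass a looser pattern and then fail only at verification time.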

TomSweeneyRedHat commented 1 month ago

LGTM, nice work @mtrmac !