check image access on `deis pull`

[rwos]

resolves https://github.com/teamhephy/workflow/issues/78

Essentially, this just attempts a docker_client.inspect_image (which downloads just the manifest, not the whole image) on deis pull and that raises an error if it's a private registry and the user didn't add the correct credentials to the app.

I think in the default hephy install, with the on-cluster deis-registry, you can still "steal" other users' source build images by doing deis pull 127.0.0.1:5555/hephy/some-app:git-$githash. But for that to work, you'd need to somehow guess the app name and the correct git hash - I don't think that's very likely. Plus, that stops working if you use a password-protected off-cluster registry for hephy.

[rwos]

@Cryptophobia thanks for the review! I removed the --parallel stuff again

[Cryptophobia]

Thank you for the PR and fixing this security issue in a creative way!