[docker/cli] Allow login credentials for specific repo/scope

### ROOT CAUSE The issue arises because Docker's current credential storage mechanism only supports one set of credentials per registry domain. This is insufficient for registries that require scoped credentials (e.g., for specific repositories) or have rate limiting based on credentials. The `AuthConfig` struct in `docker/cli` does not accommodate multiple credential sets per registry. ### CODE FIX Modify the `AuthConfig` struct to support multiple credentials per registry domain, each with a scope. Here's the implementation: 1. **Update `AuthConfig` Struct**: Replace the `Auths` map with a slice of `AuthConfigEntry`, each containing a `Scope` field. ```go type AuthConfig struct { // ... existing fields ... Auths []AuthConfigEntry `json:"credsStore"` // Rename field for clarity } type AuthConfigEntry struct { Username string `json:"username,omitempty"` Password string `json:"password,omitempty"` Email string `json:"email,omitempty"` Server string `json:"serveraddress,omitempty"` Scope string `json:"scope,omitempty"` // Add scope field } ``` 2. **Modify Configuration Logic**: Update the code to handle multiple entries per registry. For example, when fetching credentials, prioritize entries with matching scopes. ```go func getCredentials(server, repo string) (string, string, error) { entries := getAuthConfigEntries(server) for _, entry := range entries { if entry.Scope == repo || entry.Scope == "*" { return entry.Username, entry.Password, nil } } return "", "", fmt.Errorf("no credentials for %s", repo) } ``` 3. **Handle Migration**: Add a migration step during startup to convert existing single-credential entries into scoped entries (e.g., default scope to `*`). This change allows Docker to store and retrieve credentials scoped to specific repositories or domains, addressing the use cases while maintaining backward compatibility through migration.