[docker/cli] Feature request: per-sandbox credential injection configuration for Docker sandboxes
### ROOT CAUSE
The issue arises because the Docker CLI lacks a mechanism to configure credential injection per sandbox (context). Currently, the `credsStore` field in the context configuration is global, and there's no way to specify different credentials for different contexts. This limitation prevents users from injecting specific credentials into a sandboxed environment without affecting other contexts.
### CODE FIX
```go
// docker/context/context.go
// Add a new field to the Context struct for a per-sandbox credsStore.
type Context struct {
	Name              string `json:"name"`
	DisplayName       string `json:"display-name"`
	DockerHost        string `json:"docker-host"`
	DockerTLS         bool   `json:"docker-tls"`
	DockerDAE         string `json:"docker-ae"`
	DockerCertPath    string `json:"docker-cert-path"`
	CredsStore        string `json:"credsStore"`        // Existing field
	SandboxCredsStore string `json:"sandboxCredsStore"` // New field for per-sandbox credsStore
}

// In the Save method, add the new field to the JSON marshaling.
func (c *Context) Save() error {
	// ... existing code ...
	if c.SandboxCredsStore != "" {
		// Scope err to this check so the snippet does not rely on an outer declaration.
		if err := jsonb.PutString(&b, "sandboxCredsStore", c.SandboxCredsStore); err != nil {
			return err
		}
	}
	// ... existing code ...
}

// In the command-line flags for context config, add a new flag for sandboxCredsStore.
// In docker/context/context.go, under the config subcommands (these calls belong
// inside the function that registers the subcommand's flags):
cmdContextConfig.Flags().StringVar(&configOpts.SandboxCredsStore, "sandbox-creds-store", "", "Credential helper to use for this sandbox (overrides global)")
cmdContextConfig.Flags().StringVar(&configOpts.CredsStore, "creds-store", "", "Credential helper to use (global)")

// In docker/dockerdaemons/client.go, modify the client creation to use the
// context's sandboxCredsStore if available.
// c is the CLI Context struct defined above, not the standard library's context.Context.
func newClient(ctx context.Context, c *Context) (*Client, error) {
	credsStore := c.CredsStore // Existing credsStore
	if c.SandboxCredsStore != "" {
		credsStore = c.SandboxCredsStore // Use sandbox-specific credsStore if set
	}
	// ... rest of the client creation ...
}
```
This solution introduces a new `sandboxCredsStore` field in the context configuration, allowing users to specify a credential helper for a specific sandbox. The Docker CLI will prioritize this value over the global `credsStore` when available.
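The precedence rule described above, as a standalone added example (not docker/cli code and not part of the original fix). `ResolveHelper`, `contextConfig` and the helper-name pattern are assumptions made for illustration; the `docker-credential-<name>` binary naming follows Docker's credential-helper convention, and the sample documents are constructed.

```go
package main

import (
	"encoding/json"
	"fmt"
	"regexp"
)

// contextConfig mirrors only the JSON keys the proposed fix uses.
type contextConfig struct {
	Name              string `json:"name"`
	CredsStore        string `json:"credsStore"`
	SandboxCredsStore string `json:"sandboxCredsStore"`
}

// Assumed policy: short lowercase names only, so no path separators reach the binary name.
var helperName = regexp.MustCompile(`^[a-z0-9][a-z0-9-]{0,31}$`)

// ResolveHelper returns the helper binary and which field selected it.
func ResolveHelper(raw []byte) (string, string, error) {
	var cfg contextConfig
	if err := json.Unmarshal(raw, &cfg); err != nil {
		return "", "", fmt.Errorf("parse context: %w", err)
	}
	store, source := cfg.CredsStore, "global"
	if cfg.SandboxCredsStore != "" {
		store, source = cfg.SandboxCredsStore, "sandbox"
	}
	if store == "" {
		return "", "none", nil
	}
	// Fail closed: a bad sandbox value is an error, not a silent fallback.
	if !helperName.MatchString(store) {
		return "", source, fmt.Errorf("context %q: invalid %s helper %q", cfg.Name, source, store)
	}
	return "docker-credential-" + store, source, nil
}

func main() {
	// Constructed sample context documents, not from a real installation.
	for _, s := range []string{
		`{"name":"sbx-a","credsStore":"desktop","sandboxCredsStore":"pass"}`,
		`{"name":"sbx-b","credsStore":"desktop"}`,
		`{"name":"sbx-c","credsStore":"desktop","sandboxCredsStore":"../../tmp/x"}`,
	} {
		bin, src, err := ResolveHelper([]byte(s))
		fmt.Printf("binary=%q source=%s err=%v\n", bin, src, err)
	}
}
```

Rejecting an invalid sandbox value outright, instead of falling back to the global helper, keeps a malformed context file from silently sending a sandbox's requests to the wrong credential store.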