Restrict access from K8s ingresses using HTTP header authentication

[lucamilanesio]

Background:
When using Registry in a K8s environment, it is possible to expose the service through different ingresses. However, not all ingresses should be allowed to change and/or use some of the API.

Acceptance criteria:
GIVEN a registry deployed in a protected environment and exposed through external reverse proxies
WHEN an external user is reaching the service through an external name
THEN the registry should allow only certain HTTP operations and not others
AND the registry administrator should be able to configure what is and isn't allowed

[gcsaba2]

This should be done in the proxy itself.