sigstore/policy-controller

Allow HTTP registries for local development / integration tests

Closed this issue · 1 comment

Description

As mentioned in #477 (comment), there is currently no way to configure Policy Controller in a way that lets it use an insecure HTTP registry. However, HTTP registries are really common with local development environments, e.g. kind/ctlptl - and the tooling around those usually lacks an established way for setting up a TLS-secured registry and managing the certificates for it.

That's why I would like to request some kind of flag which would allow the webhook to use HTTP registries. Would be willing to implement it myself, if pointed in the right direction. (I'm guessing it's around Authority.UnmarshalJSON, looking at 1, 2, 3, 4, 5, 6)

In my use case, I am working on a project which uses sigstore, and I wanted to make a self-contained end-to-end test which builds and deploys all things locally (without requiring ttl.sh or such). While usually one can just deploy a local development environment without sigstore for that, in this case the project itself is a platform that custom containers can be deployed to, and the fact that it's generating working sigstore policies is part of what we ultimately want to test.

Actually... this might very well be my error, as I had the images misconfigured - so the errors I was getting were actually from Kubernetes.
Couldn't confirm that sigstore itself is working correctly, but going to close this for now, and reopen it once I have solid proof that sigstore does not already support HTTP registries. 😅