[deckhouse-cli] Add new cr command for registry operations

[Glitchy-Sheep]

Add cr command group for container-registry operations

Introduces d8 cr: Crane-like workflows under one subtree, with the same registry auth as the rest of the CLI (d8 login / Docker config).

Command Tree

The PR adds the following commands to d8:

d8 cr
├─ [global flags]
│  ├─ -v, --verbose                            # Verbose debug logs on stderr (registry/network details).
│  ├─ --insecure                               # Plain HTTP / skip TLS verify; localhost & RFC1918 often already HTTP.
│  ├─ --allow-nondistributable-artifacts       # Push: include foreign/non-distributable layers.
│  └─ --platform os/arch[/variant][:osversion] # Multi-arch: resolve one platform (image-level cmds).
│
├─ pull IMAGE... PATH
│  ├─ Pull one or more remote images to local path
│  └─ flags:
│     ├─ -c, --cache-path <dir>      # Layer cache dir; reused across pulls.
│     └─ --format tarball|legacy|oci # Output: docker tarball (default), legacy tar, or OCI layout dir.
│
├─ push PATH IMAGE
│  ├─ Push local tar/OCI layout to registry
│  └─ flags:
│     ├─ --index             # OCI layout: push top-level index as-is (multi-manifest).
│     └─ --image-refs <file> # Also write pushed repo@digest to this file.
│
├─ export IMAGE [TARBALL]
│  └─ Export merged filesystem as verbatim tar stream
│
├─ ls REPO
│  ├─ List repository tags
│  └─ flags
│     ├─ --full-ref             # Full refs (registry/repo:tag) instead of tag names only.
│     └─ -O, --omit-digest-tags # Hide synthetic sha256-* tags.
│
├─ catalog REGISTRY
│  ├─ List repositories in registry
│  └─ flags
│     └─ --full-ref		# Full repo paths (registry/repo) instead of names only.
│
├─ manifest IMAGE
│  └─ Print raw manifest JSON
│
├─ config IMAGE
│  └─ Print raw config JSON
│
├─ digest [IMAGE]
│  ├─ Print image digest from registry or tarball
│  └─ flags
│     ├─ --tarball <path> # Digest from local tarball instead of registry.
│     └─ --full-ref       # Full repo@sha256:… instead of digest-only line (no --tarball).
│
└─ fs # A utility subcommand to work with image files (list, cat)
   ├─ ls IMAGE [PATH]
   │  ├─ List files (merged filesystem)
   │  └─ flags
   │     └─ -l, --long		# Long rows: mode, size, path
   │
   ├─ cat IMAGE PATH
   │  └─ Print regular file contents (merged FS)
   │
   ├─ tree IMAGE [PATH]
   │  ├─ Show filesystem tree
   │  └─ flags
   │     ├─ -L, --depth <n> # Max depth (0 = unlimited).
   │     ├─ --dirsfirst     # Directories before files in each listing (convenient).
   │     └─ --size          # Human-readable sizes on file nodes (text tree).
   │
   └─ extract IMAGE
      ├─ Extract merged filesystem to local directory (safe extraction)
      └─ flags
         └─ -o, --output <dir> (required)		# Destination directory for extracted files.

Presentation (Basic Flows)

How to review

The d8 cr follows the project conventions:

• cmd/command_name.go for commands
• cmd/cmd/subcommand.go for subcommands.
• The cr package also have its own internal structure to isolate domain specific logic

1. Start from the root command surface (cmd/d8/root.go, internal/cr/cmd/*).
2. Verify internals by layer (image -> imageio -> imagefs -> registry -> output).