fix(controllers): Usage of k8s secret dockerconfigjson

[frewilhelm]

What this PR does / why we need it

Instead of adding e2e examples with credentials, I added them as a separate tests because the file-parsing and deciding when which action of the ocmcli should be run is hell.
(For example we need to include an .ocmconfig to push to the private registry, but must not copy the resource because then the oci-artifact inside the CV would have the "external" URL which flux does not like. IMO this was not maintainable which is why I added them as e2e tests in testdata. It is more redundant code and configs but its easier maintainable)

Which issue(s) this PR fixes

Fixes open-component-model/ocm-project#788

[gitguardian]

⚠️ GitGuardian has uncovered 2 secrets following the scan of your pull request.

Please consider investigating the findings and remediating the incidents. Failure to do so may lead to compromising the associated services or software components.

Since your pull request originates from a forked repository, GitGuardian is not able to associate the secrets uncovered with secret incidents on your GitGuardian dashboard.
Skipping this check run and merging your pull request will create secret incidents on your GitGuardian dashboard.

🔎 Detected hardcoded secrets in your pull request

GitGuardian id	GitGuardian status	Secret	Commit	Filename
-	-	Generic High Entropy Secret	3bbe3c9	kubernetes/controller/test/e2e/testdata/docker-config-json/.docker-config-json	View secret
-	-	Base64 Generic High Entropy Secret	3bbe3c9	kubernetes/controller/test/e2e/testdata/docker-config-json/bootstrap.yaml	View secret

🛠 Guidelines to remediate hardcoded secrets

1. Understand the implications of revoking this secret by investigating where it is used in your code.
2. Replace and store your secrets safely. Learn here the best practices.
3. Revoke and rotate these secrets.
4. If possible, rewrite git history. Rewriting git history is not a trivial act. You might completely break other contributing developers' workflow and you risk accidentally deleting legitimate data.

To avoid such incidents in the future consider

• following these best practices for managing and storing secrets including API keys and other credentials
• install secret detection on pre-commit to catch secret before it leaves your machine and ease remediation.

---

^{🦉 GitGuardian detects secrets in your source code to help developers and security teams secure the modern development process. You are seeing this because you or someone else with access to this repository has authorized GitGuardian to scan your pull request.}

[Skarlso]

LGTM

[jakobmoellerdev]

do we really need an e2e and integration test? i feel like one of them should be sufficient.

[frewilhelm]

do we really need an e2e and integration test? i feel like one of them should be sufficient.

I believe the TestGetConfigFromSecret tests are valuable because they help us quickly identify issues with the conversion from an OCM config or docker-config-json to genericv1.Config. For this reason, I’d prefer to keep these tests.

[Skarlso]

How did this suddenly start to fail? :D

[frewilhelm]

How did this suddenly start to fail? :D

I was able to reproduce it locally ONCE. I ran >20 test-runs afterwards and they all passed. Another run on the GHA also passes.

I suspect that the test fails, if the credential type registration registers the versioned type first and it becomes the default. Then, the expected configuration (unversioned) does not match the returned configuration (versioned in such cases).

I have no idea how this could even happen