[GCP Artifact Registry] Docker component scan and Clair services should be able to scan images from Artifact Registry

[mzueva]

Background Docker component scan is a service responsible for scanning docker images for various components: OS, software, python and R packages, etc. Clair service is a service for scanning docker images for vulnerabilities. Docker image scan can be triggered from API in two ways:

• scheduled image scanning (see ToolScanScheduler.java)
• and API call (see ToolController.java) In both cases sever will perform several checks and get vulnerability data from Clair service and components data from Docker component scan service.

Approach Docker image scanning should work properly for images from docker registry with provider=GCP. Keep in mind that scanning may take a long time (up to several hours), so we need to ensure that token passed for authorization will be valid or use some other approach for authorization.