Description

Followup to #416. This PR implements the Sensor-side functionality of Scanning:

1. Attempt to scan via the normal route (Central)
2. If Central could not find metadata, then try to get the metadata via an internal registry
3. If this succeeds, then scan the image with a local scanner with the credentials retrieved in ROX-8401, ROX-8465: Store internal registries + credentials #416

Checklist

• Investigated and inspected CI test results
• Unit test and regression tests added
• Evaluated and added CHANGELOG entry if required
• [ ] Determined and documented upgrade steps

Testing Performed

The full pipeline is still incomplete, so there are no E2E tests at this time, and there is no particular part that would benefit from a unit test.

Manual testing:

1. Deploy and OpenShift cluster (3.11 and/or 4.x)
2. Deploy ACS
3. Add Sensor to Scanner's NetworkPolicy
4. Set ROX_SKIP_PEER_VALIDATION=true in Scanner and wait for it to come back up.
5. Set ROX_LOCAL_IMAGE_SCANNING=true, ROX_SCANNER_GRPC_ENDPOINT=scanner.stackrox.svc.8443, LOGLEVEL=debug in Sensor.
6. Push an image to the internal registry (be sure to create the project you push it in before pushing).
7. Create a deployment which uses this image.
8. View Sensor's logs to ensure it says Retrieved metadata for image <image> in namespace <namespace>: <metadata> and Got image components from local Scanner for image <image> in namespace <namespace>.
9. View Scanner's logs to confirm the images have been analyzed.

Example deployment YAML for OpenShift 4.x:

apiVersion: apps/v1
kind: Deployment
metadata:
  name: nginx-deployment
  namespace: ross-test
  labels:
    app: nginx
spec:
  replicas: 3
  selector:
    matchLabels:
      app: nginx
  template:
    metadata:
      labels:
        app: nginx
    spec:
      containers:
      - name: nginx
        image: image-registry.openshift-image-registry.svc:5000/ross-test/nginx:1.14.2
        ports:
        - containerPort: 80