docker rate limits when building images on self-hosted

I have mirrored this repository to a self-hosted gitlab instance using a repository pull mirror following the instructions at https://gitlab.com/components/opentofu#usage-on-self-managed. I'm trying to build the opentofu component pipeline on the self-hosted gitlab but I am running into docker hub rate limits.

$ buildah build --platform "$PLATFORMS" --build-arg OPENTOFU_VERSION=$OPENTOFU_VERSION --file Dockerfile.$GITLAB_OPENTOFU_BASE_IMAGE_OS --jobs 2 --manifest "$GITLAB_OPENTOFU_IMAGE_NAME" .
[linux/arm64] STEP 1/14: FROM debian:12.7
[linux/amd64] STEP 1/14: FROM debian:12.7
Resolved "debian" as an alias (/etc/containers/registries.conf.d/000-shortnames.conf)
Trying to pull docker.io/library/debian:12.7...
Resolved "debian" as an alias (/etc/containers/registries.conf.d/000-shortnames.conf)
Trying to pull docker.io/library/debian:12.7...
time="2024-09-25T09:20:28Z" level=warning msg="Failed, retrying in 1s ... (1/3). Error: initializing source docker://debian:12.7: reading manifest 12.7 in docker.io/library/debian: toomanyrequests: You have reached your pull rate limit. You may increase the limit by authenticating and upgrading: https://www.docker.com/increase-rate-limit"
time="2024-09-25T09:20:28Z" level=warning msg="Failed, retrying in 1s ... (1/3). Error: initializing source docker://debian:12.7: reading manifest 12.7 in docker.io/library/debian: toomanyrequests: You have reached your pull rate limit. You may increase the limit by authenticating and upgrading: https://www.docker.com/increase-rate-limit"
time="2024-09-25T09:21:03Z" level=warning msg="Failed, retrying in 2s ... (2/3). Error: initializing source docker://debian:12.7: reading manifest 12.7 in docker.io/library/debian: toomanyrequests: You have reached your pull rate limit. You may increase the limit by authenticating and upgrading: https://www.docker.com/increase-rate-limit"
time="2024-09-25T09:21:03Z" level=warning msg="Failed, retrying in 2s ... (2/3). Error: initializing source docker://debian:12.7: reading manifest 12.7 in docker.io/library/debian: toomanyrequests: You have reached your pull rate limit. You may increase the limit by authenticating and upgrading: https://www.docker.com/increase-rate-limit"
time="2024-09-25T09:21:42Z" level=warning msg="Failed, retrying in 4s ... (3/3). Error: initializing source docker://debian:12.7: reading manifest 12.7 in docker.io/library/debian: toomanyrequests: You have reached your pull rate limit. You may increase the limit by authenticating and upgrading: https://www.docker.com/increase-rate-limit"
time="2024-09-25T09:21:45Z" level=warning msg="Failed, retrying in 4s ... (3/3). Error: initializing source docker://debian:12.7: reading manifest 12.7 in docker.io/library/debian: toomanyrequests: You have reached your pull rate limit. You may increase the limit by authenticating and upgrading: https://www.docker.com/increase-rate-limit"
Error: 2 errors occurred:
	* [linux/arm64]: creating build container: initializing source docker://debian:12.7: reading manifest 12.7 in docker.io/library/debian: toomanyrequests: You have reached your pull rate limit. You may increase the limit by authenticating and upgrading: https://www.docker.com/increase-rate-limit
	* [linux/amd64]: creating build container: initializing source docker://debian:12.7: reading manifest 12.7 in docker.io/library/debian: toomanyrequests: You have reached your pull rate limit. You may increase the limit by authenticating and upgrading: https://www.docker.com/increase-rate-limit
Cleaning up project directory and file based variables 00:01
ERROR: Job failed: exit code 1

For the gitlab-runner docker executor I have set registry-mirrors in /etc/docker/daemon.json on the runner hosts.

I can't find any way to set this for buildah running inside docker in this component pipeline. The buildah maintainers seem to have no interest in adding an environment variable for configuring a registry mirror (https://github.com/containers/buildah/issues/4999).

Is there any way I can get buildah to point to a local registry mirror proxy cache like I do with docker daemon? I would like to avoid modifying the opentofu component repository as it is a pull mirror unchanged from https://gitlab.com/components/opentofu and any modifications will disable the pull mirroring.