Allow pulling container images using personal access tokens

Merged Zeger-Jan van de Weg requested to merge zj-read-registry-pat into master

Are there points in the code the reviewer needs to double check?

This touches both authentication and authorization, so please double check the security side of it all.

Does this MR meet the acceptance criteria?

What are the relevant issue numbers?

Fixes gitlab-org/gitlab-ce#19219

Edited by Zeger-Jan van de Weg