Make authentication service for Container Registry to be compatible with < Docker 1.11
This removes the usage of
offline_token which is only present when using
Docker 1.11.x instead we relay on
scope. This should make it compatible with any client starting from 1.6 (I did test only 1.8 and up).
Right now we return 403 if unauthorized user doesn't have access to anything. In all other cases we return token, but with empty
access, which simply disallow requested action.