Registry phase 2 migration: Update /jwt/auth

Context

The context for this issue can be viewed in the epic &7316 (closed) and the breakdown of work can be viewed in this comment &7316 (comment 792633854).

Update endpoint: `/jwt/auth`

Update the endpoint to reject JWT token requests for scopes push, delete or * if the container repository is in migration_state: :importing

Add `import` resource name to Auth service

See this thread for more details about the new scope.

Add a new resource name import for registry resource access tokens to the ContainerRegistryAuthenticationService
Add a class method import_access_token that grants the import access similar to the full_access_token

Edited Jan 07, 2022 by Steve Abrams