Dependency Proxy should retry failed TLS handshakes

Proposal

This is related to #341954 (closed) and #103985: we sporadically see cases where outbound TLS handshakes from our network fail with an error or timeout, which causes the dependency proxy to return an HTTP 599 error. I had hoped that this would be solved with #341954 (closed) but as recently as GitLab Premium 16.7.2 this still causes a container pull to fail:

$ docker pull --quiet "$CODE_QUALITY_IMAGE"
registry.gitlab.com/gitlab-org/ci-cd/codequality:0.96.0
$ docker run --rm \ # collapsed multi-line command
WARNING! Using --password via the CLI is insecure. Use --password-stdin.
Login Succeeded
WARNING! Your password will be stored unencrypted in /code/.MjEzNzI=/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store
error pulling image configuration: received unexpected HTTP status: 599 status code 599
error: (CC::CLI::Engines::Install::ImagePullFailure) unable to pull image git.example.org:443/project/dependency_proxy/containers/codeclimate/codeclimate-duplication

It would be nice if the dependency proxy could retry at least once or twice rather than causing builds to fail. The overhead of starting a new CI job is many orders of magnitude greater than a TCP retry and the failures we see are never consistent even when connections are made within a short interval.