get-openstack-images: improve testability & make more robust

We have one testability issue with get-openstack-images: if the image already exists in Glance in the CI environment, the tool does not try to pull from the registry and does not try to push to glance; so on a platform where an image was succesfully installed in Glance, the get-openstack-images tool codepath to pull OCI artifact and to push an image to Glance are not exercised, nor is the configuration that allows these codepath to be tested (e.g. secure/insecure registry, or openstack creds).

I would propose the following evolutions to improve testability:

1. when the image is found in Glance, the tool would still do an attempt at fetching OCI artifact manifest and annotations, this is cheap
2. when the image is found in Glance, the tool would still update the image properties in Glance

Doing (2) would also have the benefit of doing another improvement to the tool:

• today if the tool fails to set the properties, it does not reach the place where it tags the image, so when it runs again it pushes the image to Glance again uselessly; and we may create multiple exact same images
• we would add the tag action in the create_image call to solve that, but then we may end up creating an image without having set its properties, and nothing will try to re-set them
• by doing (2) we solve this remaining issue

So, adding to this list above we could do:

3. do the 'tag' action in the create_image call

/cc @mihai.zaharia