Mirror third party container images to reduce failures and use in air-gapped mode

[saisatishkarra]

Instances:

• Grype CDN failures Grype DB save/cache fails during matrix jobs #151
• Trivy GHCR registry failures Trivy vulnerability DB download fails during image scan #157

Air Gapped Env:

• Maintain a separate repository for third party images that can act as mirror to avoid downstream pipeline failures
• These mirrored images must be able used / consumed across various downstream repositories
• Mechanism to distribute / configure these mirrored images across all repositories via shared actions
• Mechanism to update / maintain these mirrored images form upstream.
• Metrics:
  • Identify what is acceptable stale db TTL either for global org wide cache / for mirroring images ?
  • How frequently mirroring should be performed ?
  • How frequently the updated images should be rolled out to downstream workflows i.e release cadence ?
  • Can central GH cache also be configured along side mirroring ?