Add container repository cred permission checks

The docker roles perform permission checks to verify that the
owner of the credential is okay with a job uploading to a given
repo.  The container roles document that they perform the same
check, but that wasn't implemented.  This change implements it.

Change-Id: I1fa7ad985664688de76f0fcc280fbfea4f02fb7c

roles/promote-container-image/tasks/main.yaml

@@ -8,6 +8,15 @@
   fail:
     msg: "{{ zj_image.registry }} credentials not found"
 
+- name: Verify repository permission
+  when: |
+    not zj_image.repository | regex_search(container_registry_credentials[zj_image.registry].repository)
+  loop: "{{ container_images }}"
+  loop_control:
+    loop_var: zj_image
+  fail:
+    msg: "{{ zj_image.repository }} not permitted by {{ container_registry_credentials[zj_image.registry].repository }}"
+
 - name: Log in to registry
   no_log: true
   command: >-

roles/upload-container-image/tasks/main.yaml

@@ -8,6 +8,15 @@
   fail:
     msg: "{{ zj_image.registry }} credentials not found"
 
+- name: Verify repository permission
+  when: |
+    not zj_image.repository | regex_search(container_registry_credentials[zj_image.registry].repository)
+  loop: "{{ container_images }}"
+  loop_control:
+    loop_var: zj_image
+  fail:
+    msg: "{{ zj_image.repository }} not permitted by {{ container_registry_credentials[zj_image.registry].repository }}"
+
 - name: Upload image to container registry
   loop: "{{ container_images }}"
   loop_control: