cli/registry/login: Add the --password-env flag #5972

Open
wants to merge 1 commit into
base: master

@octo octo commented Mar 31, 2025

- What I did

Adds support for providing registry passwords via environment variables, which is particularly useful in CI pipelines. For example, GitLab stores registry passwords in the CI_REGISTRY_PASSWORD environment variable.

With this change, authenticating to a registry is as simple as:

docker login --username "${CI_REGISTRY_USER}" --password-env "CI_REGISTRY_PASSWORD" "${CI_REGISTRY}"

Alternatives Considered

  • Using docker login -p "${VAR}" with warning suppression

    • Shell history concerns don't apply with variable substitution
    • Tokens are often short-lived, reducing security concerns
    • Could introduce a way to suppress warnings via environment variables
  • Passing passwords via STDIN (current recommended method):

    echo "${CI_REGISTRY_PASSWORD}" | docker login --username "${CI_REGISTRY_USER}" --password-stdin "${CI_REGISTRY}"

    Avoids warnings but adds complexity to command chains

- How I did it

  • Expanded the loginOptions struct, adding passwordEnv string.
  • Refactored verifyLoginOptions to use a switch statement instead of if blocks to ensure only one block is evaluated.

- How to verify it

  1. Verify the following command fails with a "variable DOCKER_TOKEN not defined" error:

    docker login -u "${DOCKER_USERNAME:?}" --password-env DOCKER_TOKEN "${DOCKER_HOST:?}"
  2. Store login credentials in the DOCKER_TOKEN environment variable:

    DOCKER_TOKEN="f00bar"
  3. Verify the command from step 1 now succeeds.

- Human readable description for the release notes

`docker login`: The new `--password-env` flag allows reading login credentials from an environment variable. 

- A picture of a cute animal (not mandatory but encouraged)

AI generated picture of a Tanuki

Closes: #5971

Adds support for providing registry passwords via environment variables, which
is particularly useful in CI pipelines. For example, GitLab stores registry
passwords in the `CI_REGISTRY_PASSWORD` environment variable.

With this change, authenticating to a registry is as simple as:

```sh
docker login --username "${CI_REGISTRY_USER}" --password-env "CI_REGISTRY_PASSWORD" "${CI_REGISTRY}"
```

## Alternatives Considered

* Using `docker login -p "${VAR}"` with warning suppression
  * Shell history concerns don't apply with variable substitution
  * Tokens are often short-lived, reducing security concerns
  * Could introduce a way to suppress warnings via environment variables
* Passing passwords via STDIN (current recommended method):

  ```sh
  echo "${CI_REGISTRY_PASSWORD}" | docker login --username "${CI_REGISTRY_USER}" --password-stdin "${CI_REGISTRY}"
  ```

  Avoids warnings but adds complexity to command chains

Signed-off-by: Florian Forster <fforster@gitlab.com>
@octo octo requested review from thaJeztah and a team as code owners March 31, 2025 07:54
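
A sketch of the credential-source selection outlined in the description above, as an added example in Go that is not the PR's own code: `resolvePassword` and its `lookup` parameter are hypothetical, and `loginOptions` is reduced to three assumed fields. It goes slightly beyond the description by also rejecting an empty variable and by trimming the trailing newline from stdin input.

```go
package main

import (
	"errors"
	"fmt"
	"io"
	"os"
	"strings"
)

// loginOptions is reduced to the three credential fields; the layout is assumed.
type loginOptions struct {
	password      string
	passwordStdin bool
	passwordEnv   string
}

// resolvePassword (hypothetical) returns the password from exactly one source.
// lookup is injected so the environment can be faked; pass os.LookupEnv in real use.
func resolvePassword(o loginOptions, stdin io.Reader, lookup func(string) (string, bool)) (string, error) {
	switch {
	case o.passwordEnv != "" && (o.password != "" || o.passwordStdin),
		o.password != "" && o.passwordStdin:
		return "", errors.New("--password, --password-stdin and --password-env are mutually exclusive")
	case o.passwordEnv != "":
		v, ok := lookup(o.passwordEnv)
		if !ok {
			return "", fmt.Errorf("variable %s not defined", o.passwordEnv)
		}
		if v == "" { // assumption: an empty secret is treated as a configuration error
			return "", fmt.Errorf("variable %s is empty", o.passwordEnv)
		}
		return v, nil
	case o.passwordStdin:
		b, err := io.ReadAll(stdin)
		if err != nil {
			return "", err
		}
		return strings.TrimRight(string(b), "\r\n"), nil // drop the newline echo appends
	default:
		return o.password, nil
	}
}

func main() {
	os.Setenv("DOCKER_TOKEN", "f00bar") // constructed value, as in the verification steps
	pw, err := resolvePassword(loginOptions{passwordEnv: "DOCKER_TOKEN"}, os.Stdin, os.LookupEnv)
	fmt.Println("resolved:", pw != "", "err:", err) // never print the secret itself
}
```

Only variables exported into the process environment are visible to `os.LookupEnv`; a shell variable assigned without `export` is not.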