registry integration with the reverse-proxy

BAIRE Anthony requested to merge registry-proxy into django

(I did not find a better title ;-)

This is a replacement for the registry hook (!33 (closed))

The registry hook has two shortcomings:

  • the authorization scope of the registry API is the repository (it is not possible to implement finer-grained (i.e. tag-based) authorization)
  • the notification is best-effort only: if the django server is unable to process the push request, there is no strong guarantee that the image will be processed (even if the push is reported as « successful » to the user) https://docs.docker.com/registry/notifications/#considerations

This PR uses an alternate approach:

  • registry requests are handled by the nginx reverse-proxy
    • image manifest push/pull endpoint is routed through the django server (which forwards them to the registry)
    • all other endpoints (especially blob push/pull) are forwarded directly to the registry
  • before an image is pushed, the django endpoint ensures that there is no pending commit on the controller side (if a sandbox is being committed)
  • after the image is pushed, the django endpoint updates the db to register the new image. This operation is done transactionally before the successful push result is sent back to the client

Other changes:

  • removed the ALLGO_DJANGO_REGISTRY variable (no longer needed because the registry and django servers now share the same hostname)
  • add the ALLGO_REGISTRY_PRIVATE_URL variable to store the internal location of the registry backend. By default it is set to http://{ENV}-registry:5000 (thus http://dev-registry:5000 in development)
  • TLS is disabled on the registry by default, because all unsecure communications are confined within a docker private network (but in production we will still use TLS because the registry is located on another server)
  • the django config now relies on the X-Forwarded-* headers set by nginx
  • the nginx frontend root is now configured to use the django container (instead of the rails container)

Thus in the development setup:

Edited by BAIRE Anthony
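
The routing split described in this merge request, as an added example that is not part of the merge request or the project's code: it classifies Registry HTTP API v2 request paths into the manifest endpoint (handled by django) and everything else (forwarded to the registry), and shows how seeing the manifest reference makes a tag-level decision possible. The names `route`, `Route`, `push_allowed`, the backend labels and the `writable` policy mapping are assumptions made for illustration.

```python
import re
from typing import NamedTuple, Optional

# Registry HTTP API v2 manifest endpoint: /v2/<name>/manifests/<reference>
# <name> may span several slash-separated components; <reference> is a tag or a digest.
# The pattern is deliberately loose (a choice made for this example): a malformed
# manifest path is still sent to django for validation instead of falling through
# to the registry unchecked.
_MANIFEST_RE = re.compile(r"^/v2/(?P<name>.+)/manifests/(?P<ref>[^/]+)$")


class Route(NamedTuple):
    backend: str               # "django" or "registry" (labels chosen for this example)
    repository: Optional[str]
    tag: Optional[str]         # None when the manifest is addressed by digest
    is_push: bool


def route(method: str, path: str) -> Route:
    """Decide which backend the reverse proxy hands a registry request to."""
    m = _MANIFEST_RE.match(path.split("?", 1)[0])
    if m is None:
        # Blobs, blob uploads, tag lists, the /v2/ ping: straight to the registry.
        return Route("registry", None, None, False)
    ref = m["ref"]
    # Digests have the form <algorithm>:<hex>; tags cannot contain ":".
    tag = None if ":" in ref else ref
    return Route("django", m["name"], tag, method.upper() == "PUT")


def push_allowed(r: Route, writable: dict) -> bool:
    """Hypothetical tag-level policy: `writable` maps repository -> set of tags."""
    if r.backend != "django" or not r.is_push:
        raise ValueError("not a manifest push")
    # A push by digest carries no tag to check, so this example policy denies it.
    return r.tag is not None and r.tag in writable.get(r.repository, set())


if __name__ == "__main__":
    # Constructed sample requests.
    for method, path in [("PUT", "/v2/alice/myapp/manifests/1.0"),
                         ("PUT", "/v2/alice/myapp/blobs/uploads/"),
                         ("GET", "/v2/alice/myapp/tags/list")]:
        print(method, path, "->", route(method, path).backend)
```
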
