Conversation

@ribbybibby
These are mappings that I made by reversing the image aliases that power
our CVE comparisons. I filtered out any mappings that DFC could make
itself without the mapping.

```sh
# Pull every repo in the catalog with its aliases and tier. Quoting the heredoc
# delimiter keeps the shell from expanding anything inside the GraphQL query.
cat <<'QUERY' | jq -sR '{query: .}' | curl -sS -d @- -H 'Content-Type: application/json' 'https://data.chainguard.dev/query' > repos.json
query ChainguardPrivateImageCatalog {
  repos(filter: {uidp: {childrenOf: "ce2d1984a010471142503340d670612d63ffb9f6"}}) {
    name
    aliases
    catalogTier
  }
}
QUERY

# Reverse alias -> repo name. FIPS and -iamguarded repos are skipped, as is any
# alias whose last path component already equals the repo name, because DFC
# derives that mapping itself. split(":") | .[0] strips the tag from the alias.
jq '
[
  .data.repos[]
  | select(.catalogTier != "FIPS" and (.name | endswith("-iamguarded") | not))
  | .name as $name
  | .aliases // []
  | .[]
  | . as $alias
  | select(($alias | split(":") | .[0] | split("/") | .[-1]) != $name)
  | {($alias | split(":") | .[0]): $name}]
  | unique
  | add
' repos.json | yq -p=json
```

I then had to go through these by hand, correcting the significant number
of false positives produced by the problems in our alias data.

Then I made sure each mapping existed in the catalog:

```sh
# Print every mapping target in builtin-mappings.yaml that has no repo of that
# name in repos.json. `jq -e` exits non-zero when the expression yields false.
yq '.images | to_entries[] | .value' pkg/dfc/builtin-mappings.yaml -o json | jq -rc | while read -r repo; do
  if ! jq -e --arg name "$repo" '[.data.repos[] | select(.name == $name)] | length > 0' repos.json >/dev/null; then
    echo "$repo"
  fi
done
```

As part of this I've also corrected some existing mappings I found that I
think are incorrect:

- Change `amazon/cloudwatch-agent: amazon-cloudwatch-agent-operator` to
  `amazon-cloudwatch-agent`. The agent seems like a closer match to me?
- Remove `ghcr.io/kyverno/kyverno: kyvernopre`. First of all,
  `kyverno` seems like a fairer match. And we'd map that anyway without
  the explicit mapping.
- There is no `docker-selenium-hub` in our catalog. It's `selenium-hub`.
- Remove `alpine/terragrunt: terragrunt-fips`. I don't know why we'd
  specifically map this to FIPS and DFC will map it to `terragrunt`
  without the mapping.
- Remove `argoproj/argocd: argocd-repo-server`. We've deprecated the
  repo server image in favour of `argocd` which DFC will map to anyway.
- Map `calico/node` to `calico-node`, not `calico-typha`.
- I think `cfssl` is a better mapping for `cfssl` than
  `cfssl-self-sign`?
- Change `cilium/cilium: cilium-operator-aws` to map to `cilium-agent`.
  That seems more likely to me as the intended mapping.
- Map `crossplane/provider-aws` to `crossplane-aws`, rather than
  arbitrarily to `crossplane-aws-dynamodb`.
- Map `crossplane/provider-azure` to `crossplane-azure`, rather than
  arbitrarily `crossplane-azure-storage`.
- Remove `fluxcd/flux: flux-image-automation-controller`. I think `flux`
  is a better match and DFC will make that without the mapping.
- Remove `goharbor/harbor-core: harbor-jobservice`. I think
  `harbor-core` is a better match and DFC will make that without the
  mapping.
- Remove `hashicorp/vault: vault-k8s`. I think `vault` is a better
  match and DFC will make that without the mapping.
- Fix `istio` image mappings to point to the correct components.
- Change `jaegertracing/all-in-one: jaeger-query` to map to
  `jaeger-all-in-one` which is a more correct mapping.
- Fix `jitsucom/bulker: jitsucom-syncctl` to map to `jitsucom-bulker`.
- Remove `kedacore/keda`. DFC will map that to `keda` correctly anyway.
- Remove `library/tomcat: tomcat-jdk8`. There is no `tomcat-jdk8` and
  DFC will map it to `tomcat` correctly anyway.
- Fix the `dotnet-sdk` mapping.
- Remove `quay.io/jetstack/cert-manager-controller:
  cert-manager-webhook`. This mapping is wrong and DFC will map it
  correctly anyway.
- The name of the Jupyterhub base notebook image is
  `jupyter-base-notebbok`.
- There is no `registryk8s` image. There is a Docker Hub org called that
  but this mapping won't capture any images under it.
- There is no `upstream-image` and it seems odd that if there were that
  it would map to `dapr-sentry`?
- The repo for `yet-another-cloudwatch-exporter` is
  `prometheus-yet-another-cloudwatch-exporter`, not `yace`.
- Remove `redpanda-data-console`. This image was withdrawn from our
  catalog and was never entitled to any customers anyway.
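
The reversal and the existence check from the description, as an added self-contained example (not part of this PR and not DFC's own code), written in Python over a constructed catalog sample so it runs offline. It goes slightly beyond the jq pipeline above: the tag is stripped only from the final path component (so a registry with a port such as `localhost:5000/...` survives), an `@sha256:...` digest suffix is dropped, and an alias claimed by more than one catalog repo is reported as a conflict rather than letting `add` silently keep one winner, which is the class of false positive the description says had to be corrected by hand. The repo names, aliases, tier values, digest and the `BUILTIN_MAPPINGS` dict are constructed stand-ins, not a dump of the real catalog or of `builtin-mappings.yaml`.

```python
"""Reverse catalog aliases into DFC-style mappings and check that every mapping
target exists, over a constructed catalog sample (added example, not DFC code)."""
import json
from collections import defaultdict

# Constructed sample in the shape of the catalog query response used on this
# page (data.repos[].{name,aliases,catalogTier}). Names, aliases, tier values
# and the digest are illustrative; they are not a dump of the real catalog.
SAMPLE_CATALOG = json.loads("""
{"data": {"repos": [
  {"name": "calico-node",
   "aliases": ["calico/node:v3.27", "docker.io/calico/node@sha256:0123"],
   "catalogTier": "STANDARD"},
  {"name": "nginx", "aliases": ["library/nginx:1.25", "nginx"],
   "catalogTier": "STANDARD"},
  {"name": "terragrunt-fips", "aliases": ["alpine/terragrunt:latest"],
   "catalogTier": "FIPS"},
  {"name": "foo-iamguarded", "aliases": ["bitnami/foo:1.0"],
   "catalogTier": "STANDARD"},
  {"name": "jaeger-all-in-one",
   "aliases": ["jaegertracing/all-in-one:1.50", "jaegertracing/all-in-one"],
   "catalogTier": "STANDARD"},
  {"name": "jaeger-query", "aliases": ["jaegertracing/all-in-one:1.49"],
   "catalogTier": "STANDARD"},
  {"name": "prometheus-yet-another-cloudwatch-exporter", "aliases": null,
   "catalogTier": "STANDARD"}
]}}
""")

# Constructed stand-in for the `images:` section of builtin-mappings.yaml.
BUILTIN_MAPPINGS = {
    "calico/node": "calico-node",
    "library/tomcat": "tomcat-jdk8",  # no such repo in the sample catalog
}


def strip_tag(alias: str) -> str:
    """Reduce an image reference to its repository path.

    Only the final path component can carry a ':tag', so a registry with a
    port (localhost:5000/...) is left intact, unlike a naive split(":")[0].
    An '@sha256:...' digest suffix is dropped as well.
    """
    ref = alias.split("@", 1)[0]
    head, sep, last = ref.rpartition("/")
    last = last.split(":", 1)[0]
    return f"{head}{sep}{last}"


def reverse_aliases(catalog: dict) -> dict:
    """Map each alias repo path to the set of catalog names that claim it.

    FIPS-tier and -iamguarded repos are skipped, as is any alias whose
    basename already equals the repo name, because DFC derives that
    mapping on its own without a builtin entry.
    """
    candidates = defaultdict(set)
    for repo in catalog["data"]["repos"]:
        name = repo["name"]
        if repo.get("catalogTier") == "FIPS" or name.endswith("-iamguarded"):
            continue
        for alias in repo.get("aliases") or []:
            path = strip_tag(alias)
            if path.rsplit("/", 1)[-1] == name:
                continue
            candidates[path].add(name)
    return dict(candidates)


def split_conflicts(candidates: dict):
    """Separate clean one-to-one mappings from aliases claimed by several repos.

    The jq pipeline's `add` silently keeps one winner for such keys; listing
    them instead is what makes the manual false-positive review tractable.
    """
    mappings = {k: next(iter(v)) for k, v in candidates.items() if len(v) == 1}
    conflicts = {k: sorted(v) for k, v in candidates.items() if len(v) > 1}
    return mappings, conflicts


def missing_targets(mappings: dict, catalog: dict) -> list:
    """Return mapping targets that name no repo in the catalog."""
    names = {r["name"] for r in catalog["data"]["repos"]}
    return sorted({t for t in mappings.values() if t not in names})


if __name__ == "__main__":
    mappings, conflicts = split_conflicts(reverse_aliases(SAMPLE_CATALOG))
    print(json.dumps({"mappings": mappings, "conflicts": conflicts}, indent=2))
    print("missing targets:", missing_targets(BUILTIN_MAPPINGS, SAMPLE_CATALOG))
```

Run against a real `repos.json` by replacing `SAMPLE_CATALOG` with `json.load(open("repos.json"))`; the conflicts dict is the list to review by hand, and `missing_targets` is the same check as the `yq`/`jq` loop above.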