read docker credentials from cli config #167
Description
By default, Docker doesn't require Docker Hub credentials when pulling public images. But some organizations enforce sign-in for their employees meaning that you can't pull any image (even a public one) without being signed into your Docker Hub account.
With Docker, credentials are stored on the client side after you sign in through Docker Desktop or docker login. The default location is ~/.docker/config.json. When pulling image the client (Docker Desktop or Docker CLI) sends a pull image request containing the base64-encoded credentials in the header. So it is client's responsibility (not engine's) to provide proper credentials when needed.
Docker SDK for Go is another client and it does not handle credentials automatically. To quote one of the SDK maintainers: "The go client is a thin wrapper around the engine API. If you want to use the cred helpers you need to set that up" (source). As a source of inspiration, they propose to check how Docker CLI works: https://github.com/docker/cli/blob/master/cli/command/image/pull.go
From a quick glance, there's a bunch of utility methods for reading config.json and extracting credentials from it. We might consider taking the same approach instead of passing DOCKER_USER and DOCKER_TOKEN envvars as we do now.