graphql: Apply authorization on /_search endpoint

- AccessControlContext now resides in a separate package from where it can be imported,
along with the contextKey that will be used to set and retrieve this context value.

- AccessControlContext has a new field called Username, that will be of use for future
implementations in graphQL resolvers.

- GlobalSearch resolver now uses this context to filter repos available to the logged user.

- moved logic for uploading images in tests so that it can be used in every package

- tests were added for multiple request scenarios, when zot-server requires authz
on specific repos

- added tests with injected errors for extended coverage

- added tests for status code error injection utilities

Closes https://github.com/project-zot/zot/issues/615

Signed-off-by: Alex Stan <alexandrustan96@yahoo.ro>
Alex Stan
2022-08-16 11:57:09 +03:00
committed by Andrei Aaron
parent 5450139ba1
commit 49e8167dbe
15 changed files with 763 additions and 165 deletions
@@ -6,6 +6,7 @@
package test
import (
"net/http"
"sync"
zerr "zotregistry.io/zot/errors"
@@ -36,6 +37,20 @@ func Error(err error) error {
return nil
}
// Used to inject error status codes for coverage purposes.
// -1 will be returned in case of successful failure injection.
func ErrStatusCode(status int) int {
if !injectedFailure() {
if status == http.StatusAccepted || status == http.StatusCreated {
return status
}
return 0
}
return -1
}
/**
*
* Failure injection infrastructure to cover hard-to-reach code paths.
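Review bot: In ErrStatusCode, the branch taken when no failure is injected returns 0 for every status other than http.StatusAccepted and http.StatusCreated, so the caller loses the original value and cannot tell which status was passed in, while the doc comment only explains the -1 case. Either document the 0 return next to the -1 one, or return status unchanged when `!injectedFailure()` holds. Named constants for the 0 and -1 sentinels would also keep call sites from comparing against bare numbers.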