
Create reusable fragment to "prefetch" Docker images from the GitLab dependency proxy

In https://gitlab.developers.cam.ac.uk/uis/devops/iam/activate-account/infrastructure/-/merge_requests/325 we used the GitLab dependency proxy to pre-fetch a trivy image and then used docker tag so that subsequent uses of the "bare" aquasec/trivy:latest image would use the one fetched from cache.

Convert this into a re-usable fragment which:

  • Takes a list of images in a CI variable
  • Consists of a before_script which:
    • Signs docker into the dependency proxy using CI_DEPENDENCY_PROXY_{USER,PASSWORD}
    • Pre-pulls the images in the CI variable using CI_DEPENDENCY_PROXY_DIRECT_GROUP_IMAGE_PREFIX.
    • Tags the images as the unprefixed image name.

This should allow job scripts to use unprefixed docker images just as before.

Important

We must use CI_DEPENDENCY_PROXY_DIRECT_GROUP_IMAGE_PREFIX to ensure that the user triggering the pipeline does not need permissions on the top-level uis group.

Edited by Dr Rich Wareham
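
A sketch of the before_script logic described in the issue above, as an added example that is not the project's own fragment. PREFETCH_IMAGES is a hypothetical variable name; CI_DEPENDENCY_PROXY_SERVER is GitLab's predefined registry host variable, which the issue does not name; and the refusal of references that carry a registry host assumes the dependency proxy is fronting Docker Hub only.

```shell
# Added example. PREFETCH_IMAGES (hypothetical name) holds a whitespace-separated
# list of Docker Hub images, e.g. "aquasec/trivy:latest alpine:3".

# Succeeds when the reference names an explicit registry host: the first path
# component contains "." or ":" or is "localhost" (Docker's reference rules).
has_registry_host() {
  case "$1" in
    */*) ;;
    *) return 1 ;;
  esac
  first=${1%%/*}
  case "$first" in
    *.*|*:*|localhost) return 0 ;;
    *) return 1 ;;
  esac
}

# Call this from before_script; later job steps can use the unprefixed names.
prefetch_images() {
  # Stop early if the runner did not provide the dependency proxy variables.
  : "${CI_DEPENDENCY_PROXY_USER:?}" "${CI_DEPENDENCY_PROXY_PASSWORD:?}"
  : "${CI_DEPENDENCY_PROXY_SERVER:?}" "${CI_DEPENDENCY_PROXY_DIRECT_GROUP_IMAGE_PREFIX:?}"

  # --password-stdin keeps the job token off the docker command line.
  printf '%s' "$CI_DEPENDENCY_PROXY_PASSWORD" |
    docker login -u "$CI_DEPENDENCY_PROXY_USER" --password-stdin \
      "$CI_DEPENDENCY_PROXY_SERVER" || return 1

  for image in ${PREFETCH_IMAGES:-}; do
    # Tagging a proxied pull as e.g. ghcr.io/... would mislabel its origin.
    if has_registry_host "$image"; then
      echo "prefetch: $image is not a Docker Hub image, refusing" >&2
      return 1
    fi
    # The DIRECT_GROUP prefix resolves against the project's immediate group,
    # so no permissions on the top-level group are needed.
    proxied="$CI_DEPENDENCY_PROXY_DIRECT_GROUP_IMAGE_PREFIX/$image"
    docker pull "$proxied" || return 1
    docker tag "$proxied" "$image" || return 1
  done
}
```

Because the local tag shadows the upstream name for the rest of the job, the list of images is best set in the CI configuration itself rather than taken from a value that a pipeline trigger can override.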