build(deps): bump github.com/containers/image/v5 from 5.16.0 to 5.23.1

[dependabot]

Bumps github.com/containers/image/v5 from 5.16.0 to 5.23.1.

Release notes

Sourced from github.com/containers/image/v5's releases.

v5.23.1

• Make the pseudo-config used in sigstore attachments a bit more valid
• Recognize invalid error responses of registry.redhat.io

v5.22.1

No release notes provided.

v5.23.0

Image.Inspect now provides more information.

Improved support for registries that require authentication, notably for the search operation.

• Cirrus: Use the latest imgts container
• Cirrus: Update CI VM images
• Replace use of deprecated io/ioutil
• Reformat with Go 1.19's gofmt
• Use c/image's reference package
• Rename archiveImageDestination.writer to file
• Introduce archiveImageDestination.closeWriter
• Use an *archive.Writer in dockerArchiveReference and dockerArchiveDestination
• Inline openArchiveForWriting into archive.Writer
• Automaticaly delete a docker-archive if we didn't write a complete image
• Update a test dependency to avoid override problems
• docker_client: Handle "invalid_scope" errors
• Document limitations of transports for remote podman client
• Remove github.com/docker/distribution/registry/client package
• Log invalid and empty credential helper entries

v5.22.0

copy.Image can now copy non-image OCI artifacts.

Added support for sigstore signatures: they (and related cosign attachments) can be copied along with images after opt-in in registries.d. Signatures can be created by copy.Image and enforced via policy.json (currently with public/private key pairs only).

Now requires Go 1.17. GPGME now must be new enough to be visible via pkg-config.

github.com/pkg/errors is no longer used; that might affect caller-observable error types (in particular, errors.{As,Is} might need to be used instead of pkg/errors.Cause).

Changes default paths on FreeBSD.

• Remove unused Makefile variables
• Config files should live in /usr/local on FreeBSD
• docker: validate received parts
• Use go env to fetch the go path
• docker: add workaround for CloudFront
• Improve errors messages when image missing from list
• Stop calling gpgme-config
• Fix codespell errors
• Make sure github.com/opencontainers/runc >= 1.1.2 is used

... (truncated)

Commits

• a3bfb86 Release 5.23.1
• d92bac8 Merge pull request #1696 from mtrmac/5.23-backports
• 52a50cf Recognize invalid error responses of registry.redhat.io
• 8481ec9 Make the pseudo-config used in sigstore attachments a bit more valid
• e8566a4 Update branch configuration for a backport branch
• 220aeb5 Merge pull request #1667 from mtrmac/v5.23.0
• f649a19 Bump to v5.23.1-dev
• 3443821 Release v5.23.0
• b5f2544 Update to github.com/opencontainers/[email protected]
• 3a6e77d Merge pull request #1665 from containers/dependabot/go_modules/github.com/ope...
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[dependabot]

Superseded by #87.