This is the "production side" of the security, wherein we will need our builder to be able to push into the internal registry – ideally without the user having to generate a bunch of secrets and set a whole bunch of stuff up.

This will probably look like the internal registry trusting pull secrets that are put in a proper place, as well as exposing some place for users to configure additional access to the internal registry (so they can say, pull their images with tools and inspect or scan them).