Goal

Add the ability for Quay to toggle between read-only and writeable through a hot-reload mechanism
Leverage this ability via the Quay operators to declaratively set the registry into a read-only mode

Why is this important?

The current read-only process requires generating a key, database insertion, and quay config.yaml changes. This introduces many places for human error.
For AppSRE, the desired process is to be able to flip quay into read only mode with a single high level toggle managed in app-interface.
The process and configuration required should not require quay specific knowledge, manual database operations, nor cloning repos.
The complexity of the process also stiffles effective backup routines among customers. If they want a consistent backup (consistency between database and layer storage) they need to put the registry into read-only mode while the backup is created. A complex preparation step to put the registry into read-only mode discourages that.

Quay can be set to read-only without having to restart the Quay instance or update the existing configuration
All writes are finished prior to the read-only state taking effect
The mechanism can be triggered via the Quay operator

CI - MUST be running successfully with tests automated
Release Technical Enablement - Provide necessary release enablement details and documents.
Docs/release notes have been updated

CI - CI is running, tests are automated and merged.
Release Enablement <link to Feature Enablement Presentation>
DEV - Upstream code and tests merged: <link to meaningful PR or GitHub Issue>
DEV - Upstream documentation merged: <link to meaningful PR or GitHub Issue>
DEV - Downstream build attached to advisory: <link to errata>
QE - Test plans in Polarion: <link or reference to Polarion>
QE - Automated tests merged: <link or reference to automated tests>
DOC - Downstream documentation merged: <link to meaningful PR>