Description of problem:

When working with disconnected environments, sometimes you need to define multiple ImageContentSourcePolicies, some of them are used by apps/manifests that don't use digests when pulling the images.

Currently, all configurations are added with the mirror-by-digest-only property set to true. It will be nice if this property could be configured using the ImageContentSourcePolicy.

The ability to use mirror registries is also required when customers are looking to utilize their own registries as a transparent pull-through cache, see PROJQUAY-465. This is done for performance reasons as well as in the light of recent policy changes in DockerHub which introduced pull-request rate limiting for public community content. This is an extremely popular use case for developer driven workflows that often rely on upstream content.

Version-Release number of selected component (if applicable):

4.6.X but I believe it affects any 4.X release which supports ICSPs.

How reproducible:

Always.

Steps to Reproduce:
1. Create an ICSP
2. In the OCP nodes check the file /etc/containers/registries.conf
3. Registries will be configured with "mirror-by-digest-only = true"

Actual results:

Workloads using image tags rather than image digests will not pull the images from the mirror.

Expected results:

Workloads using image tags whose their mirror has been configured with "mirror-by-digest-only = false" should be able to pull the image from that mirror.

Additional info:

https://github.com/openshift/api/issues/636

Bug id : https://bugzilla.redhat.com/show_bug.cgi?id=1921049