OCI Referrer's API support for registry.redhat.io / registry.access.redhat.com proxies

For multiple use cases, we need support for the OCI Referrer's API in the registry.redhat.io proxy.

The use case driving this request is @Rob Greenberg and @Adam Bellusci over in AI BU who want it for OpenSSF Model Signing signatures for the model artifacts that get distributed as OCI artifacts through registry.redhat.io (RHAIRFE-817).

Other use cases in the future include making SBOMs, SLSA provenance attestations, and other supply chain security artifacts available through the API that will be respected by more and more clients in the future.

For the RHAIRFE-817 use case, this is driven by customer requests for tamper-proof model integrity verification in the product.

The change here needs to go into the registry.redhat.io proxy layer, maintained by the quay engineering team.