Add function to set custom auth scope in context

Currently auth.docker.io uses a custom auth scope for (docker) plugins
`repository(plugin):<repo>:<perms>`.
This makes it impossible to use containerd distribution tooling to fetch
plugins without also supplying a totally custom authorizer.

This changes allows clients to set the correct scope on the context.
It's a little bit nasty but "works".

I'm also a bit suspect of some a couple of these unexported context
functrions. Before the primary one used `contextWithRepositoryScope`
overwrites any scope value and there is another one that appends the
scope value.
With this change they both append...

Signed-off-by: Brian Goff <cpuguy83@gmail.com>

remotes/docker/scope.go

@@ -51,19 +51,25 @@ func contextWithRepositoryScope(ctx context.Context, refspec reference.Spec, pus
 	if err != nil {
 		return nil, err
 	}
-	return context.WithValue(ctx, tokenScopesKey{}, []string{s}), nil
+	return WithScope(ctx, s), nil
+}
+
+// WithScope appends a custom registry auth scope to the context.
+func WithScope(ctx context.Context, scope string) context.Context {
+	var scopes []string
+	if v := ctx.Value(tokenScopesKey{}); v != nil {
+		scopes = v.([]string)
+		scopes = append(scopes, scope)
+	} else {
+		scopes = []string{scope}
+	}
+	return context.WithValue(ctx, tokenScopesKey{}, scopes)
 }
 
 // contextWithAppendPullRepositoryScope is used to append repository pull
 // scope into existing scopes indexed by the tokenScopesKey{}.
 func contextWithAppendPullRepositoryScope(ctx context.Context, repo string) context.Context {
-	var scopes []string
-
-	if v := ctx.Value(tokenScopesKey{}); v != nil {
-		scopes = append(scopes, v.([]string)...)
-	}
-	scopes = append(scopes, fmt.Sprintf("repository:%s:pull", repo))
-	return context.WithValue(ctx, tokenScopesKey{}, scopes)
+	return WithScope(ctx, fmt.Sprintf("repository:%s:pull", repo))
 }
 
 // getTokenScopes returns deduplicated and sorted scopes from ctx.Value(tokenScopesKey{}) and common scopes.