Fix compression detection to use magic bytes instead of file extensio…

…ns (#578)

When base image layers are cached locally or referenced during image
composition, they may be stored with generic names that don't reflect
their actual compression format (e.g., 'layer.tar' for a gzip file,
or no extension at all).

The previous extension-based detection would incorrectly classify
these as uncompressed layers, leading to manifest media type mismatches.
When pushing with OCI format, this caused layers to be declared as
application/vnd.oci.image.layer.v1.tar (uncompressed) when they were
actually gzip-compressed, resulting in 'invalid tar header' errors
during docker pull.

This change modifies detect_compression_type() to:
1. First check file magic bytes (1f 8b for gzip, 28 b5 2f fd for zstd)
2. Fall back to extension-based detection if magic bytes don't match

This ensures correct media type detection regardless of filename.

Added comprehensive unit tests covering:
- Correct detection via magic bytes
- Wrong extension scenarios (the bug case)
- No extension scenarios
- Fallback to extension-based detection still works

Fixes issue where layer blobs were gzip-compressed but declared as
uncompressed in OCI manifests, causing docker pull failures.

Add retries on server error for blob uploads (#565)

Fix deprecated GitHub Actions commands and update Ubuntu version (#562)

- Update ubuntu-20.04 to ubuntu-latest in all workflows
- Replace deprecated actions/checkout@v2 with actions/checkout@v4
- Replace deprecated actions-rs/* actions with modern alternatives:
  - actions-rs/toolchain@v1 -> dtolnay/rust-toolchain@stable
  - actions-rs/cargo@v1 -> direct cargo commands
- Update dependabot/fetch-metadata@v1 to @v2
- These changes fix the 'set-output command is deprecated' warnings

Add zstd compression support (#561)

Drop auth_info on redirect (#487)

In particular, this addresses a case where a user-facing registry redirects
to blob storage in S3, providing a URL that includes various `X-Amz-*` query
parameters. S3 refuses requests that have both Authentication header and
authentication query parameters.

Place a bound on how many auth attempts will be tried (#485)

Match authorization helpers based on registry (#479)

Bump tempfile from 3.6.0 to 3.10.1 (#356)

Bumps [tempfile](https://github.com/Stebalien/tempfile) from 3.6.0 to 3.10.1.
- [Changelog](https://github.com/Stebalien/tempfile/blob/master/CHANGELOG.md)
- [Commits](Stebalien/tempfile@v3.6.0...v3.10.1)

---
updated-dependencies:
- dependency-name: tempfile
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Ianoc/maybe require (#421)

* Require this on auth

* Fixes and streamline

Require this on auth (#420)