Improve container image handling
We want to improve UX for common workflows like:
- Use Workbench2 (and no shell node) to run a workflow that depends on docker images that are available on dockerhub
- Build an image from a Dockerfile or git repo, and use that image to run Arvados containers without pushing it to dockerhub
- Build an image and share it with other users on your cluster without pushing it to dockerhub
- Share a project that contains a workflow execution plus all of the docker images needed to re-run it even after the referenced images on dockerhub/arvados have been updated or removed
- Each cluster has a "docker images" project. Any user with username X can use arv-keepdocker (or a new arvados-client command?) to save docker images in a subproject named X. A container request with container image "arvados:X/Y" will use the image saved in the collection named Y in the subproject named X, subject to usual permissions.
- A container request with container image "docker:abc/def" causes Arvados to fetch/update "abc/def" from dockerhub into an arvados collection, and use that collection PDH as the image in the resulting container.