reg/auth: remove contexts from Authorized method

The details of how request-scoped information is propagated through the
registry server app should be left as private implementation details so
they can be changed without fear of breaking compatibility with
third-party code which imports the distribution module. The
AccessController interface unnecessarily bakes into the public API
details of how authorization grants are propagated through request
contexts. In practice the only values the in-tree authorizers attach to
the request contexts are the UserInfo and Resources for the request.
Change the AccessController interface to return the UserInfo and
Resources directly to allow us to change how request contexts are used
within the app without altering the AccessController interface contract.

Signed-off-by: Cory Snider <csnider@mirantis.com>
Cory Snider
2023-10-24 16:41:54 -04:00
parent 49e22cbf3e
commit bd80d7590d
8 changed files with 53 additions and 53 deletions


@@ -15,7 +15,7 @@ func TestSillyAccessController(t *testing.T) {
}
server := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
authCtx, err := ac.Authorized(r)
grant, err := ac.Authorized(r)
if err != nil {
switch err := err.(type) {
case auth.Challenge:
@@ -27,13 +27,12 @@ func TestSillyAccessController(t *testing.T) {
}
}
userInfo, ok := authCtx.Value(auth.UserKey).(auth.UserInfo)
if !ok {
t.Fatal("silly accessController did not set auth.user context")
if grant == nil {
t.Fatal("silly accessController did not return auth grant")
}
if userInfo.Name != "silly" {
t.Fatalf("expected user name %q, got %q", "silly", userInfo.Name)
if grant.User.Name != "silly" {
t.Fatalf("expected user name %q, got %q", "silly", grant.User.Name)
}
w.WriteHeader(http.StatusNoContent)
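Review bot: The rewritten checks `if grant == nil { t.Fatal(...) }` and `if grant.User.Name != "silly" { t.Fatalf(...) }` sit inside the `httptest.NewServer` handler, so they run on a server goroutine, and the testing package requires `FailNow` (and therefore `Fatal`/`Fatalf`) to be called only from the goroutine running the test. Since these lines are being touched anyway, I would switch them to `t.Error("silly accessController did not return auth grant")` and `t.Errorf("expected user name %q, got %q", "silly", grant.User.Name)`, each followed by `return`, so a failure is reported without leaving the handler in an undefined state. Keep the nil check ahead of the `grant.User.Name` access, because it is what stops a nil grant from panicking the handler. The commit message says the grant also carries the request's Resources, which this test does not assert; if the silly controller is expected to populate them, a check here would pin that part of the new contract. The body of TestSillyAccessController starts and ends outside these hunks.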