feat: establish secret realms

Signed-off-by: Alano Terblanche <18033717+Benehiko@users.noreply.github.com>

Author: Benehiko

x/realms/docker.go

@@ -0,0 +1,20 @@
+package realms
+
+import "github.com/docker/secrets-engine/x/secrets"
+
+// Docker realms all start with `docker/` as the prefix.
+//
+// Authentication flows done by the Docker CLI, Docker Desktop and Docker related
+// products must go through `docker/auth`.
+//
+// Docker Hub authentication (browser based OAuth login) will be prefixed
+// with `docker/auth/hub/<username>`.
+//
+// Docker Registry authentication will be prefixed with
+// `docker/auth/registry/docker/<username>`.
+var (
+	DockerHubAuthentication             = secrets.MustParsePattern("docker/auth/hub/**")
+	DockerHubStagingAuthentication      = secrets.MustParsePattern("docker/auth/hub-staging/**")
+	DockerRegistryAuthentication        = secrets.MustParsePattern("docker/auth/registry/docker/**")
+	DockerRegistryStagingAuthentication = secrets.MustParsePattern("docker/auth/registry/docker-staging/**")
+)

x/realms/realm.go

@@ -0,0 +1,13 @@
+// Package realms keeps track of known Docker realms
+//
+// Realms do not define a permission model and should not be used as such!
+// Realms are simply contracts that clients may use to query a set of secrets.
+// Once a realm has been established it MUST not change as clients would treat
+// the realm as a contract.
+// Clients may pin themselves to a specific realm or a group of realms.
+//
+// Examples:
+//
+//	`docker/` is a realm for all known Docker secrets.
+//	`docker/auth` is a realm for all known Docker Auth secrets.
+package realms