refactor(kit): Expose core Kit CLI functionality as a reusable Go library #905

[arnab2001]

Description

Refactors CLI command implementations into a reusable Go API under pkg/kit.

• Adds pkg/kit operations for Info, Inspect, List, Login, Logout, Pull, Push, Remove, Tag, and Unpack wrappers.
• Updates CLI command entrypoints (pkg/cmd/*/cmd.go) to call pkg/kit instead of local command-specific logic.
• Removes migrated legacy command implementation files from pkg/cmd/*.
• Moves list helper tests to pkg/kit/list_test.go.
• Adds package docs (pkg/kit/doc.go, pkg/kit/README.md).
• Updates .gitignore to ignore root-only binaries (/kit, /kit.exe).
• Validation: go test ./... passes.

Closes #905

AI-Assisted Code

• This PR contains AI-generated code that I have reviewed and tested
• I take full responsibility for all code in this PR, regardless of how it was created

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 6da19a0973

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

[chatgpt-codex-connector]

Normalize Pull concurrency before invoking repository pull

The new kit.Pull API forwards opts.NetworkOptions directly into localRepo.PullModel without running NetworkOptions.Complete or otherwise enforcing a minimum concurrency, so zero-value PullOptions (a common Go usage) pass Concurrency=0. In pkg/lib/repo/local/pull.go:65-85, that becomes semaphore.NewWeighted(0) followed by Acquire(..., 1), which blocks until context cancellation and makes pulls hang/fail even for valid references; the old CLI path avoided this because flag parsing set a default and Complete validated >=1.

Useful? React with 👍 / 👎.

[chatgpt-codex-connector]

Default TLS verification to enabled for kit API calls

This new library entrypoint passes opts.NetworkOptions straight to remote.NewRegistry, so callers who use zero-value LoginOptions get TLSVerify=false; pkg/lib/network/auth.go:71 then sets InsecureSkipVerify = !opts.TLSVerify, silently disabling certificate verification. The CLI previously defaulted --tls-verify to true via flag wiring, but the extracted pkg/kit API now exposes an insecure default for normal programmatic use and can allow MITM interception of registry credentials unless every caller manually overrides it.

Useful? React with 👍 / 👎.

[arnab2001]

Addressed both Codex P1 suggestions by adding safe default normalization in pkg/kit API entrypoints (pull/login), and re-ran targeted tests for kit/network/repo packages.

[amisevsk]

Why have all the comments on this file been removed?

[amisevsk]

We're now duplicating the options for every command twice -- once in the cmd package and once in the kit package. Why not import the e.g. kit.RemoveOptions struct here and bind flags into it instead of defining it twice?