reggie: Deny push access to reggie via its ingress

Allow only read access to the registry via its public ingress. Only pods within the cluster (namely buildkitd pods) should need to push to the registry and they address reggie using cluster DNS (i.e. reggie.gitlab-runner.svc.cluster.local) that resolves to a cluster IP and not does traverse the ingress.

Bug: T324361