
ch-image: registry non-interactive authentication

Currently, ch-grow requests credentials interactively from the user whenever they are needed. In #822 (closed), @tbugfinder proposes non-interactive authentication.

Approaches off the top of my head:

  1. Piggy-back on Docker credentials file. This is tricky because it will be in /root if Docker is invoked with sudo, which is the recommended approach. However, we could add e.g. --auth PATH to use any file.

  2. Command line options, e.g. ch-grow pull --user foo --password b4r. This reveals secrets to anyone who can see the history file but also more importantly ps output.

  3. Environment variables, e.g. CH_GROW_USER and CH_GROW_PASSWORD. Hard to get secrets into these without leaking, but it won't be in ps output at least.

  4. Credentials store such as the OS X keychain. This smells complicated.

Note that credentials may vary depending on the remote registry.
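Approaches 1 and 3 combined, as an added example that is not ch-grow's own code: it assumes the file given to `--auth PATH` uses Docker's `config.json` layout (`auths` keyed by registry, `auth` holding base64 of `user:password`). The names `get_credentials`, `from_auth_file` and `CredentialError` are hypothetical.

```python
import base64
import json
import os
import stat


class CredentialError(Exception):
    """Raised when a credentials file is unsafe or malformed."""


def from_auth_file(path, registry):
    """Return (user, password) for registry from a Docker-style file, or None."""
    # The secret is only base64-encoded in this format, not encrypted, so
    # refuse a file that group or other can read or write.
    if stat.S_IMODE(os.stat(path).st_mode) & 0o077:
        raise CredentialError(f"{path}: permissions too open, want 0600")
    with open(path, encoding="utf-8") as fp:
        config = json.load(fp)
    entry = (config.get("auths") or {}).get(registry)
    if not entry or "auth" not in entry:
        return None  # e.g. secrets kept in an external credentials store
    try:
        decoded = base64.b64decode(entry["auth"], validate=True).decode("utf-8")
    except ValueError as exc:
        raise CredentialError(f"{path}: bad auth entry for {registry}") from exc
    user, sep, password = decoded.partition(":")  # password may contain ':'
    if not sep:
        raise CredentialError(f"{path}: auth entry for {registry} lacks ':'")
    return user, password


def get_credentials(registry, auth_path=None, env=None):
    """Try the per-registry file first, then the environment variables."""
    env = os.environ if env is None else env
    if auth_path is not None:
        creds = from_auth_file(auth_path, registry)
        if creds is not None:
            return creds
    # The environment holds a single pair, so it cannot vary by registry:
    # the same secret would be offered to whichever registry is contacted.
    user, password = env.get("CH_GROW_USER"), env.get("CH_GROW_PASSWORD")
    if user and password:
        return user, password
    return None  # caller falls back to the interactive prompt
```
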
