Simple signing policies fail if multiple matching pull secrets are in scope

[jhart1685]

What commit ID of Portieris did you experience the problem with?

v0.9.0

What went wrong?

My deployment has 3 imagePullSecrets in scope for the registry containing my images.
Two of those contain credentials that do not have access to the image. The third pull secret has good credentials.
When using a simple signing policy, Portieris blocks the deploy with access denied.. and this in the logs:

responder.go:87] simple: Error reading manifest <REDACTED>: errors:
denied: requested access to the resource is denied
unauthorized: authentication required

What should have happened differently?

Portieris should have tried all matching pull secrets in this case.

How can it be reproduced?

As per description.
I expect that the pull secrets are iterated by Portieris in alphabetical order, so it may be important to have the bad credentials in a secret closer to the start of the alphabet than the good ones.

Any other relevant information

The following code looks like it is supposed to handle this: https://github.com/IBM/portieris/blob/master/pkg/verifier/simple/imagePolicy.go#L64-L71
However, in local debugging, I can see the error being returned from line 60 instead.

[jhart1685]

The fix for this is likely a small code change. But I feel we need an e2e test that catches this problem first.