Productionize pulling of images from container registry

[ceddlyburge]

At the moment deploying to kubernetes involves manually adding a secret to the cluster, so that the docker images can be pulled from the container registry, which is not ideal.

We should think about and implement a plan to make this more automated / productionized

Options

1. Use kubseal to encrypt a github token from a red badger github bot account, and push it to the repo. This secret would be specific to each cluster I think, but could work well if we had a permanent / long lived cluster.
2. Use Google Container registry and Gooogle Cloud to host the kubernetes cluster, in which case we think no secret is required.
3. Use Azure or Amazaon in the same way as 2.
4. Use some sort of key vault and retrieve the key from there. Authorization with the key vault might run in to the same problem as authorizing with the container registry, but would probably allow the container registry to more easily live in a different place to the cluster.
5. Probably others ...