test: add missing CI image to mirror

[Leiyks]

Description

This PR modify our CI to use our private registry instead of dockerhub to pull the public images we are using.
The goal is to stop having image pull rate limits errors when we are running too many pipeline.

[pr-commenter]

Benchmarks [ tracer ]

Benchmark execution time: 2025-12-09 12:08:19

Comparing candidate commit e20dc42 in PR branch leiyks/fix-ci-docker-pull-limit with baseline commit 9468244 in branch master.

Found 2 performance improvements and 1 performance regressions! Performance is the same for 190 metrics, 1 unstable metrics.

scenario:EmptyFileBench/benchEmptyFileDdprof-opcache

• 🟩 execution_time [-523.940µs; -244.580µs] or [-13.033%; -6.084%]

scenario:MessagePackSerializationBench/benchMessagePackSerialization-opcache

• 🟥 execution_time [+3.128µs; +4.292µs] or [+2.956%; +4.058%]

scenario:TraceSerializationBench/benchSerializeTrace

• 🟩 execution_time [-36.086µs; -20.114µs] or [-8.156%; -4.546%]

[codecov-commenter]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 61.64%. Comparing base (373e64d) to head (54da5c7).

Additional details and impacted files

@@            Coverage Diff             @@
##           master    #3510      +/-   ##
==========================================
- Coverage   61.75%   61.64%   -0.11%     
==========================================
  Files         143      143              
  Lines       13008    13008              
  Branches     1702     1702              
==========================================
- Hits         8033     8019      -14     
- Misses       4215     4228      +13     
- Partials      760      761       +1     

see 3 files with indirect coverage changes

---

Continue to review full report in Codecov by Sentry.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 373e64d...54da5c7. Read the comment docs.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[realFlowControl]

Have we considered authenticating against Docker Hub to bypass (or widen) pull limits?
From a technical perspective this is fine, from a maintenance perspective I have questions:

• will images in our mirror be updated magically?
• if not: could we describe the process in a doc in this repo somewhere?

I am asking because this will add maintenance burden to us and we should be clear about that, if it's the case

[Leiyks]

Have we considered authenticating against Docker Hub to bypass (or widen) pull limits?

Indeed, this could be a much better solution under the condition that we have a Pro/Team/Business service account that we can use to do the authentication.
Currently to upload docker images we are launching a manual pipeline with our account name and access token from dockerhub.
After discussing with Pawel we figured that just using our private registry would be fine, but I agree that it would cause an issue from a maintenance perspective.

In case we continue with that solution, we can just update those image when it cause an issue with the CI.
This is currently what we are doing with some public images that are already mirrored into our private registry, and since we need to add some proper alerting to our CI later it won't go unnoticed