Separate Registry Endpoints from Authentication in PublishConfig

[lbussell]

Fixes #1914.
In draft mode because I haven't ran it through a pipeline to validate yet.

Problem

The current PublishConfiguration tightly couples registry endpoints with authentication details. Each RegistryConfiguration embeds its own ServiceConnection, ResourceGroup, and Subscription, making it difficult to:

• Share authentication credentials across multiple registries
• Clearly separate "which registry to use" from "how to authenticate"
• Support non-ACR registries cleanly

Changes

Refactored PublishConfiguration to separate concerns:

New types:

• RegistryEndpoint - Holds only the registry server address
• RegistryAuthentication - Holds ServiceConnection + ACR metadata (ResourceGroup, Subscription)

New schema:

{
  "PublishConfiguration": {
    "BuildRegistry": { "Server": "mybuildregistry.azurecr.io" },
    "PublishRegistry": { "Server": "mypublishregistry.azurecr.io" },
    "RegistryAuthentication": {
      "mybuildregistry.azurecr.io": {
        "ServiceConnection": { "Name": "...", "Id": "...", "TenantId": "...", "ClientId": "..." },
        "ResourceGroup": "<guid>",
        "Subscription": "<guid>"
      }
    }
  }
}

Multiple registries can now share authentication by referencing the same key in RegistryAuthentication.

Files changed:

• Added RegistryEndpoint.cs, RegistryAuthentication.cs
• Deleted RegistryConfiguration.cs
• Updated all consumers to use new lookup via FindRegistryAuthentication()
• Added PublishConfigurationBindingTests.cs to validate config binding from json.

Breaking change: JSON configuration schema has changed.