Veto non-harbor images

This seems to cost us time, since the issue only comes up after we exhausted some quota at unknown time.

kind cluster itself uses registry.k8s.io images bundled in kind node image, so they are not actually pulled. This is similar to what is attempted here.

• check images generated by helm template
• check images deployed on the cluster after kind-up
• check images deployed on the cluster after helm-upgrade
• proxy kind node image (it's on dockerhub)
• add tests
• add exceptionally allowed images

Closes #302 (closed)