Regarding the initiative to create a general authentication library for registries (thanks to @shizhMSFT in #413), I encountered some legacy behavior in the Docker credential helper libraries and thought it should be documented to ensure ORAS supports it in this new library.

Credential helpers may return keys either of the form, e.g., https://ghcr.io or ghcr.io, or the original Docker index server URL https://index.docker.io/v1/. See, Docker issue: docker/docker-credential-helpers#256

To handle this, libraries implementing auth and intending to choose an auth configuration must:

1. Use a ToHostname routine to homogenize the input server name, removing the scheme and then path parts after the hostname. This function would take a name like https://ghcr.io/aaronfriel and return ghcr.io.

2. First attempt a direct lookup in the map (authConfigs["ghcr.io"]), and early return on success. Otherwise, iterate over the map and perform the ToHostname conversion on each of the keys, returning the first key that equals the input ("ghcr.io" == ToHostname(key)).

Example: https://github.com/docker/cli/blob/v20.10.23/cli/config/credentials/file_store.go#L33-L47