By removing basic auth from registry. I know it sounds ironic at first, but we'll delegate to nginx's basic auth because that one has jail. But what the heck does REGISTRY_HTTP_SECRET do?