Importer: Implement Manifest Reference Race Condition Safeguards
Context
Race condition discovered in: #382 (comment 832727321)
Tagging manifests and associating manifests with manifest lists in the importer
We intend to run the import step directly after pre import, so most manifests should be in the GC review queue, but several hours away from being reviewed. However, this timing is not guaranteed, and therefore these operations are vulnerable to the same race conditions we have addressed in the manifest PUT API route and should do the same locking:
- tagging a manifest: https://gitlab.com/gitlab-org/container-registry/-/blob/master/registry/handlers/manifests.go#L809
- rare error that can happen in the course of the above: https://gitlab.com/gitlab-org/container-registry/-/blob/master/registry/handlers/manifests.go#L527
- associating a manifest with a manifest list: https://gitlab.com/gitlab-org/container-registry/-/blob/master/registry/handlers/manifests.go#L1103