Not passing --insecure-registry from publish to build #2718
Description
On publish, we check that the bundle has already been built and is up-to-date. If it is not, then we rebuild before continuing with the publish.
Previously, the build implementation always allowed insecure registries but that changed in #2579 when I updated the implementation to use HEAD instead of pulling the entire image. At that time I added --insecure-registry to the build command, but missed hooking up that flag to the same flag on the publish command. So when a rebuild is triggered on publish, if the registry referenced by any images in the bundle is insecure, the rebuild will fail.
This is currently happening intermittently on the airgap smoke tests. Which brings me to another bug! It was originally reported in #2503, where porter would for some reason decide that a bundle is out-of-date for no reason. When the bug above in rebuild cropped up, it consistently reproduced the other bug. So the airgap test would randomly decide the bundle should be rebuilt, but because it's a test specifically for unsecured registries, it would also trigger the bug above.
So both really need to be fixed at the same time.
The root cause of the out-of-date detection incorrectly flagging a bundle was because we compare the list of installed mixins and their version between the cached bundle and the current bundle, and were using a Go map for that instead of a sorted array.