add bundle relatedimage image pullspec validation

[grokspawn]

No description provided.

[codecov]

Codecov Report

❌ Patch coverage is 87.50000% with 2 lines in your changes missing coverage. Please review.
✅ Project coverage is 38.04%. Comparing base (884ff95) to head (0aefd13).
⚠️ Report is 2 commits behind head on master.

Files with missing lines	Patch %	Lines
pkg/validation/internal/bundle.go	87.50%	1 Missing and 1 partial ⚠️

Additional details and impacted files

@@            Coverage Diff             @@
##           master     #475      +/-   ##
==========================================
+ Coverage   37.86%   38.04%   +0.17%     
==========================================
  Files          57       57              
  Lines        4563     4579      +16     
==========================================
+ Hits         1728     1742      +14     
- Misses       2678     2679       +1     
- Partials      157      158       +1     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

[Copilot]

Pull request overview

This PR adds validation for related image pullspecs in operator bundles to ensure they conform to valid container image reference formats. The validation leverages the github.com/distribution/reference library to parse and validate image references according to Docker distribution standards.

Changes:

• Added validateRelatedImages function to validate all relatedImages[].image fields in bundle CSVs
• Added comprehensive unit tests covering valid and invalid image formats
• Added github.com/distribution/reference dependency for image reference parsing

Reviewed changes

Copilot reviewed 3 out of 4 changed files in this pull request and generated no comments.

File	Description
pkg/validation/internal/bundle.go	Implements validateRelatedImages function using distribution/reference library to validate image pullspecs; integrates validation into the main validateBundle function
pkg/validation/internal/bundle_test.go	Adds comprehensive test coverage for validateRelatedImages including empty images, valid formats (tags/digests), and various invalid formats (spaces, uppercase, special characters)
go.mod	Adds github.com/distribution/reference v0.6.0 as a new direct dependency and github.com/opencontainers/go-digest v1.0.0 as an indirect dependency
go.sum	Updates checksums for the new dependencies

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[acornett21]

I've approved this PR, since it works for my use case being called as a dependency as shown in the linked pr. I'll roll this out as soon as this is merged/released. Thanks for working on this.

[grokspawn]

Hey @acornett21 could I beg another LGTM? I shifted this to using the container-libs/image/v5/docker/reference, which is just the set of libs common to most of OLM and a wrapper to what we were calling before.

[rashmigottipati]

/lgtm

[grokspawn]

/approve

[openshift-ci]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: acornett21, grokspawn, rashmigottipati

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details

Needs approval from an approver in each of these files:

• OWNERS [grokspawn]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment