Asset syncer authorization failure when re-syncing #7039

Open
absoludity opened this issue Nov 6, 2023 · 0 comments
Labels
component/asset-syncer Issue related to kubeapps asset-syncer kind/bug An issue that reports a defect in an existing feature

absoludity commented Nov 6, 2023

Describe the bug

When re-syncing an OCI repository after a change, I noticed (while testing other code) that the sync job would fail with a 401 unauthorized as it attempts a public (no creds) HEAD for the Bitnami Application Catalog specific charts-index manifest. This is not happening when the repo is first added (the sync works fine), but only when updating/editing the repo.

The request in question is simply to test if the charts-index is available and should not be resulting in a failure if not (though we should also be ensuring that we use the credentials with the request).

To Reproduce
Steps to reproduce the behavior:

  1. Add an OCI repository referring to a Harbor instance
  2. Verify the successful sync
  3. Edit the OCI repository, changing something trivial (description)
  4. Check the logs of the new sync job

Expected behavior
New sync should also be successful. In reality, it fails as shown below.

Screenshots

I1027 01:06:42.036792       1 root.go:32] "The component 'asset-syncer' has been configured with" serverOptions={"DatabaseURL":"kubeapps-postgresql:5432","DatabaseName":"assets","DatabaseUser":"postgres","DatabasePassword":"REDACTED","Debug":false,"Namespace":"kubeapps","OciRepositories":[],"TlsInsecureSkipVerify":false,"FilterRules":"","PassCredentials":false,"UserAgent":"asset-syncer/ (kubeapps/DEVEL)","UserAgentComment":"kubeapps/DEVEL","GlobalPackagingNamespace":"kubeapps","KubeappsNamespace":"","AuthorizationHeader":"Basic **********","DockerConfigJson":"","OCICatalogURL":""}
I1027 01:06:42.100250       1 sync.go:90] Current checksum: "1bc64ddaa680f3f70b865674f2bee9ffb2ceb33342ad9f3062d127d00637c8ee". Previous checksum: "c6ef7f88750f44776ed186dcd31de21a54c160cbb587d93c953e7be6f6b0d6fb"
I1027 01:06:42.101197       1 utils.go:962] Starting 10 file importer workers
I1027 01:06:42.101235       1 utils.go:505] Getting tag https://demo.goharbor.io/v2/kubeapps-test/charts-index/manifests/latest
I1027 01:06:43.358801       1 utils.go:584] Unable to find VAC index: GET request to [https://demo.goharbor.io/v2/kubeapps-test/charts-index/manifests/latest] failed due to status [401]: {"errors":[{"code":"UNAUTHORIZED","message":"authorize header needed to send HEAD to repository: authorize header needed to send HEAD to repository"}]}
 and oci-catalog service not configured
Error: error: GET request to [https://demo.goharbor.io/v2/kubeapps-test/charts-index/manifests/latest] failed due to status [401]: {"errors":[{"code":"UNAUTHORIZED","message":"authorize header needed to send HEAD to repository: authorize header needed to send HEAD to repository"}]}

Usage:
  asset-syncer sync [REPO NAME] [REPO URL] [REPO TYPE] [flags]

Flags:
  -h, --help                       help for sync
      --oci-repositories strings   List of OCI Repositories in case the type is OCI
      --version                    version for sync

Global Flags:
      --add_dir_header                   If true, adds the file directory to the header of the log messages
      --alsologtostderr                  log to standard error as well as files (no effect when -logtostderr=true)
      --database-name string             Name of the database to use (default "charts")
      --database-url string              Database URL (default "localhost:5432")
      --database-user string             Database user
      --debug                            verbose logging
      --filter-rules string              JSON blob with the rules to filter assets
      --global-repos-namespace string    Namespace for global repos (default "kubeapps")
      --log_backtrace_at traceLocation   when logging hits line file:N, emit a stack trace (default :0)
      --log_dir string                   If non-empty, write log files in this directory (no effect when -logtostderr=true)
      --log_file string                  If non-empty, use this log file (no effect when -logtostderr=true)
      --log_file_max_size uint           Defines the maximum size a log file can grow to (no effect when -logtostderr=true). Unit is megabytes. If the value is 0, the maximum file size is unlimited. (default 1800)
      --logtostderr                      log to standard error instead of files (default true)
      --namespace string                 Namespace of the repository being synced
      --one_output                       If true, only write logs to their native severity level (vs also writing to each lower severity level; no effect when -logtostderr=true)
      --pass-credentials                 pass credentials to all domains
      --skip_headers                     If true, avoid header prefixes in the log messages
      --skip_log_headers                 If true, avoid headers when opening log files (no effect when -logtostderr=true)
      --stderrthreshold severity         logs at or above this threshold go to stderr when writing to files and stderr (no effect when -logtostderr=true or -alsologtostderr=false) (default 2)
      --tls-insecure-skip-verify         Skip TLS verification
      --user-agent-comment string        UserAgent comment used during outbound requests
  -v, --v Level                          number for the log level verbosity (default 4)
      --vmodule moduleSpec               comma-separated list of pattern=N settings for file-filtered logging

Error: error: GET request to [https://demo.goharbor.io/v2/kubeapps-test/charts-index/manifests/latest] failed due to status [401]: {"errors":[{"code":"UNAUTHORIZED","message":"authorize header needed to send HEAD to repository: authorize header needed to send HEAD to repository"}]}

@absoludity absoludity added the kind/bug An issue that reports a defect in an existing feature label Nov 6, 2023
@github-project-automation github-project-automation bot moved this to 🗂 Backlog in Kubeapps Nov 6, 2023
@absoludity absoludity moved this from 🗂 Backlog to 🗒 Todo in Kubeapps Nov 6, 2023
@antgamdia antgamdia added the component/asset-syncer Issue related to kubeapps asset-syncer label Jan 8, 2024
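
The behaviour the issue asks for, as an added example that is not Kubeapps code: the charts-index availability probe sends the configured Authorization header, and a 401/403/404 answer means "index not available" rather than a failed sync. `probeChartsIndex`, `newFakeRegistry`, the `example` repository path and the credential string are hypothetical names and constructed values.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
)

// probeChartsIndex (hypothetical helper) sends a HEAD for the charts-index
// manifest with the repo's Authorization header, if one is configured.
func probeChartsIndex(c *http.Client, manifestURL, authHeader string) (bool, error) {
	req, err := http.NewRequest(http.MethodHead, manifestURL, nil)
	if err != nil {
		return false, err
	}
	if authHeader != "" {
		req.Header.Set("Authorization", authHeader)
	}
	resp, err := c.Do(req)
	if err != nil {
		return false, err // transport failures remain real errors
	}
	defer resp.Body.Close()
	switch resp.StatusCode {
	case http.StatusOK:
		return true, nil
	case http.StatusUnauthorized, http.StatusForbidden, http.StatusNotFound:
		return false, nil // no usable index: caller falls back, sync continues
	default:
		return false, fmt.Errorf("unexpected status %d probing %s", resp.StatusCode, manifestURL)
	}
}

// newFakeRegistry is a constructed stand-in for a private registry.
func newFakeRegistry(wantAuth string) *httptest.Server {
	return httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		status := http.StatusOK
		if r.Header.Get("Authorization") != wantAuth {
			status = http.StatusUnauthorized // same answer as in the log above
		}
		w.WriteHeader(status)
	}))
}

func main() {
	srv := newFakeRegistry("Basic CONSTRUCTED")
	defer srv.Close()
	fmt.Println(probeChartsIndex(srv.Client(), srv.URL+"/v2/example/charts-index/manifests/latest", ""))
}
```
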