Allow use of basic auth for security scan endpoints

This will allow the security labeler to send a pull secret to retrieve security information for a manifest

Fixes https://jira.coreos.com/browse/QUAY-1087

endpoints/api/secscan.py

@@ -4,6 +4,7 @@ import logging
 import features
 
 from app import secscan_api
+from auth.decorators import process_basic_auth_no_pass
 from data.registry_model import registry_model
 from data.registry_model.datatypes import SecurityScanStatus
 from endpoints.api import (require_repo_read, path_param,
@@ -53,6 +54,7 @@ def _security_info(manifest_or_legacy_image, include_vulnerabilities=True):
 class RepositoryImageSecurity(RepositoryParamResource):
   """ Operations for managing the vulnerabilities in a repository image. """
 
+  @process_basic_auth_no_pass
   @require_repo_read
   @nickname('getRepoImageSecurity')
   @disallow_for_app_repositories
@@ -79,6 +81,7 @@ class RepositoryImageSecurity(RepositoryParamResource):
 class RepositoryManifestSecurity(RepositoryParamResource):
   """ Operations for managing the vulnerabilities in a repository manifest. """
 
+  @process_basic_auth_no_pass
   @require_repo_read
   @nickname('getRepoManifestSecurity')
   @disallow_for_app_repositories