Ignore import/extensions when importing Docker tags JSON

In https://github.com/github/dependabot-update-job-proxy/pull/988 we're
removing HTTP Basic Auth from the proxy. While passing them won't cause
any issues, it will no longer serve a purpose.

It should technically be fine to merge these changes _before_ that
lands, as the proxy can currently be ran without setting up basic auth,
but let's get that PR to land first.

*Note* We needed to add the `User: 'root'` declaration to have this run
as it did previously. The updater image no longer runs updates as root,
but as `dependabot`.

Typescript started handling `error: unknown` in v4.0. It hadn't been
enforced strictly until now.

Per the suggestion of https://docs.github.com/en/actions/hosting-your-own-runners/using-a-proxy-server-with-self-hosted-runners

Multiple users have reported `dependabot-action` not respecting their
proxy settings. We had not been passing those along to our proxy.

We've encountered some friction when running Dependabot on Actions
runners in Kubernetes clusters. We're thinking the friction has to do
with DNS resolution, and that using an IP address will prevent that step
from needing to happen.

I had made the wrong assumption about how long the timeout was in our
connectivity check. Should have re-checked that work.

Might be a bit overly cautious, but this should prevent collisions in
the event that another value is set somewhere.

`dependabot-core` relies upon this value to give customers that need
more time in establishing connections. This value will be absorbed by
`dependabot-updater` and passed along.

Defaulting to a value of 10 as that's what we used in our connectivity
check. That value was sufficient for users which such concerns in the
past.

This could allow Dependabot to keep the `Dockerfile` up-to-date, and we
wouldn't need another build step to use them.

When running `ncc build` the referenced `Dockerfile` gets copied into
`dist/main` so it's available to the code running in actions.

Following on from: https://github.com/dependabot/updater-action/pull/72
Working towards: github/dependabot-updates#2102

As a preamble to pinning the image versions we use this introduces
`npm run fetch-images` as a way to pre-pull the images defined in docker_tags.ts
which we will set to specific SHAs in future versions.

This ensures CI and developers pull the images before attempting to run the code
to avoid any surprise breakages.

It also makes the presence of a GITHUB_TOKEN envvar a validation check in
ImageService.pull to avoid confusing docker errors if it isn't present.

Finally, it avoids passing any auth credentials to non-GitHub hosts when
we run our tests

Co-Authored by: Philip Harrison <philip@mailharrison.com>

This way, we can inform users what went wrong.

I've decided to try to stick to the error format we use in our internal
infrastructure as much as possible, without updating the JobError.
Because if that, this is accompanied by a small change to our API that
handles these errors.