feat(conformance): support optional request headers for registry probes

[yangbaechu]

Summary

Adds a repeatable --header "Name: value" option to the conformance CLI's registry command.

This allows the existing Registry API probe to validate private or self-hosted registries that require request headers, such as an Authorization header.

Motivation

The current registry probe can validate public registries, but it cannot attach request headers. That makes it hard to run the conformance CLI against authenticated enterprise deployments.

This is motivated by #40, which describes a self-hosted Registry implementation with JWT-required, access-scoped search.

What Changed

• Added parsing for repeatable --header "Name: value" arguments.
• Applies supplied headers to all registry probes:
  • GET /agents
  • POST /search
  • POST /explore
• Preserves Content-Type: application/json for POST probes.
• Documents the usage in conformance/README.md.

Scope

This is a conformance tooling change only; the Registry API security model is unchanged.

Example

ARD_REGISTRY_TOKEN=...
./conformance/bin/conformance-test registry https://registry.example.com/api/ard \
  --header "Authorization: Bearer ${ARD_REGISTRY_TOKEN}"

Validation

./conformance/bin/run-conformance-demo
python3 -S ./conformance/bin/conformance-test manifest ./conformance/examples/ai-catalog.json
./conformance/bin/conformance-test registry http://127.0.0.1:9010 --header "Authorization: Bearer test-token" --header "X-Tenant-Id: acme"
./conformance/bin/conformance-test registry http://localhost:9010/api --header bad
git diff --check

The invalid header command is expected to fail with a header format error.