nixos/gitlab: Add support for gitlab-container-registry

Support for external container registries (namely
`pkgs.docker-distribution`) has ended in GitLab 16.0 [1] and is
scheduled for removal in a future release. [2]

This commit adds a new registry package option, defaulting to
`pkgs.gitlab-container-registry` for system state versions >= 23.11
and to `pkgs.docker-distribution` otherwise.

While it is still possible to use the docker container registry, module
users should switch to gitlab's container registry fork soon. A warning
message will be added in a future commit to advise affected users to
back up their state and then switch to the new container registry
package.

[1]: https://gitlab.com/gitlab-org/gitlab/-/issues/376217
[2]: https://gitlab.com/gitlab-org/gitlab/-/issues/403322
Yaya 2023-05-30 09:14:54 +00:00 committed by Yureka
parent 049d680510
commit 014816cbe4


@ -553,6 +553,20 @@ in {
default = false;
description = lib.mdDoc "Enable GitLab container registry.";
};
package = mkOption {
type = types.package;
default =
if versionAtLeast config.system.stateVersion "23.11"
then pkgs.gitlab-container-registry
else pkgs.docker-distribution;
defaultText = literalExpression "pkgs.docker-distribution";
description = lib.mdDoc ''
Container registry package to use.
External container registries such as `pkgs.docker-distribution` are not supported
anymore since GitLab 16.0.0.
'';
};
host = mkOption {
type = types.str;
default = config.services.gitlab.host;
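Review bot: `defaultText` on the new `package` option names only `pkgs.docker-distribution`, while `default` selects `pkgs.gitlab-container-registry` once `system.stateVersion` is at least 23.11, so the rendered option documentation will report the wrong registry for new installations. That matters because the description itself says docker-distribution is no longer supported as of GitLab 16.0.0, and an operator checking which registry binary serves image pushes and token-authenticated pulls would be misled. Consider mirroring the conditional, e.g. `defaultText = literalExpression ''if versionAtLeast config.system.stateVersion "23.11" then pkgs.gitlab-container-registry else pkgs.docker-distribution'';`, and naming `pkgs.gitlab-container-registry` in the description as the supported choice. The surrounding option set starts and ends outside this hunk.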
@ -1210,6 +1224,7 @@ in {
services.dockerRegistry = optionalAttrs cfg.registry.enable {
enable = true;
enableDelete = true; # This must be true, otherwise GitLab won't manage it correctly
package = cfg.package;
extraConfig = {
auth.token = {
realm = "http${optionalString (cfg.https == true) "s"}://${cfg.host}/jwt/auth";
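Review bot: `package = cfg.package;` probably reads the wrong attribute. The other lines in this hunk use `cfg.registry.enable`, `cfg.host` and `cfg.https`, so `cfg` looks like the top-level GitLab config, while the option added in the first hunk appears to sit under `registry`. If that is right, this line either fails evaluation or passes an unrelated package, and the stateVersion-based default never reaches the registry service; `package = cfg.registry.package;` would be the expected form. It is also not visible on this page whether `services.dockerRegistry` declares a `package` option, so that should be confirmed. The attribute set continues past the end of the hunk.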