container-registry: add management commands and documentation

Registry management commands:
- delete <image>:<tag>: Remove tagged images from registry
- gc: Garbage collection with dry-run preview and confirmation
- push <image> --tag: Explicit tags now require image name
  (prevents accidentally tagging all images with same version)

Config improvements:
- Copy config to storage directory with baked-in storage path
- Fixes gc which reads config directly (not via env var)
- All registry files now in ${TOPDIR}/container-registry/

Documentation:
- Development Loop workflow (build, push, pull, test)
- Build-time OCI labels (revision, branch, created)
- Complete command reference

Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>

1 files changed, 64 insertions, 4 deletions

diff --git a/recipes-containers/container-registry/README.md b/recipes-containers/container-registry/README.md
index 82932706..1a0f74eb 100644
--- a/recipes-containers/container-registry/README.md
+++ b/recipes-containers/container-registry/README.md
@@ -34,8 +34,10 @@ Script location: `${TOPDIR}/container-registry/container-registry.sh` (outside t
 | `start` | Start the container registry server |
 | `stop` | Stop the container registry server |
 | `status` | Check if registry is running |
-| `push [options]` | Push all OCI images from deploy/ to registry |
+| `push [image] [options]` | Push OCI images from deploy/ to registry |
 | `import <image> [name]` | Import 3rd party image to registry |
+| `delete <image>:<tag>` | Delete a tagged image from registry |
+| `gc` | Garbage collect unreferenced blobs |
 | `list` | List all images with their tags |
 | `tags <image>` | List tags for a specific image |
 | `catalog` | Raw API catalog output |
@@ -43,9 +45,9 @@ Script location: `${TOPDIR}/container-registry/container-registry.sh` (outside t
 ### Push Options
 
 ```bash
-# Explicit tags
-container-registry.sh push --tag v1.0.0
-container-registry.sh push --tag latest --tag v1.0.0
+# Explicit tags (require image name)
+container-registry.sh push container-base --tag v1.0.0
+container-registry.sh push container-base --tag latest --tag v1.0.0
 
 # Strategy-based (see Tag Strategies below)
 container-registry.sh push --strategy "sha branch latest"
@@ -89,6 +91,64 @@ Result: `my-app:1.2.3`, `my-app:1.2`, `my-app:1`, `my-app:latest`
 IMAGE_VERSION=1.2.3 container-registry.sh push --strategy "semver sha latest"
 ```
 
+## Development Loop
+
+The default strategy (`timestamp latest`) supports a simple development workflow:
+
+```bash
+# Build
+bitbake container-base
+
+# Push (creates both timestamp tag AND :latest)
+./container-registry/container-registry.sh push
+
+# Pull on target - :latest is implicit, gets your most recent push
+vdkr pull container-base
+
+# Test
+vdkr run container-base /bin/sh
+
+# Repeat: rebuild, push, pull - no tag hunting needed
+```
+
+Each push overwrites `:latest` with your newest build. The timestamp tags (`20260112-143022`) remain for rollback/debugging.
+
+## Build-Time OCI Labels
+
+Container images automatically include standard OCI traceability labels:
+
+```bash
+$ skopeo inspect oci:container-base-oci | jq '.Labels'
+{
+  "org.opencontainers.image.revision": "8a3f2b1",
+  "org.opencontainers.image.ref.name": "master",
+  "org.opencontainers.image.created": "2026-01-12T20:32:24Z"
+}
+```
+
+| Label | Source | Description |
+|-------|--------|-------------|
+| `org.opencontainers.image.revision` | git SHA from TOPDIR | Code traceability |
+| `org.opencontainers.image.ref.name` | git branch from TOPDIR | Branch tracking |
+| `org.opencontainers.image.created` | Build timestamp | When image was built |
+| `org.opencontainers.image.version` | PV (if set) | Semantic version |
+
+### Customizing Labels
+
+```bitbake
+# In local.conf or image recipe
+
+# Explicit override (e.g., from CI/CD)
+OCI_IMAGE_REVISION = "${CI_COMMIT_SHA}"
+OCI_IMAGE_BRANCH = "${CI_BRANCH}"
+
+# Disable specific label
+OCI_IMAGE_REVISION = "none"
+
+# Disable all auto-labels
+OCI_IMAGE_AUTO_LABELS = "0"
+```
+
 ## Configuration (local.conf)
 
 ```bitbake