US11627124B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-11627124-B2 |
| Application number | US-202015930148-A |
| Country | US |
| Kind code | B2 |
| Filing date | May 12, 2020 |
| Priority date | Apr 2, 2020 |
| Publication date | Apr 11, 2023 |
| Grant date | Apr 11, 2023 |
Official abstract text for this publication.
An example method of logging in an automation user to a container image registry in a virtualized computing system is described, the container image registry managing container images for deploying containers in the virtualized computing system. The method includes: receiving, at a credential manager in the container image registry, a login request from a service executing in the virtualized computing system representing the automation user, the login request for image access to the container image registry and including an automation token; authenticating the automation token as credentials of a robot account in the container image registry corresponding to the automation user; and authorizing the automation user as identified in the automation token of the login request in response to the robot account having privilege for the image access.
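The robot-account flow in the abstract, sketched as an added example (not code from the patent or from any registry product): the registry authenticates an automation token against a robot account, then authorizes the requested image access. The class and method names, the `robot$<project>` naming, per-project scoping and hashed token storage are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

class RegistryAuthService:
    """Toy registry auth service with one robot account per project (constructed model)."""

    def __init__(self):
        self._robots = {}  # robot name -> (project, sha256(token), allowed actions)

    def create_project(self, project, actions=("pull",)):
        # The robot account and its automation token are generated with the project.
        robot = f"robot${project}"  # hypothetical naming scheme
        token = secrets.token_urlsafe(32)
        digest = hashlib.sha256(token.encode()).digest()
        self._robots[robot] = (project, digest, frozenset(actions))
        return robot, token  # token is handed out once; only its hash is stored

    def login(self, robot, token, repository, action):
        """Return (allowed, reason) for an image-access login request."""
        record = self._robots.get(robot)
        if record is None:
            return False, "unknown robot account"
        project, digest, actions = record
        presented = hashlib.sha256(token.encode()).digest()
        # Authenticate: constant-time comparison against the stored hash.
        if not hmac.compare_digest(presented, digest):
            return False, "bad automation token"
        # Authorize: the robot has privilege only inside its own project.
        if repository.split("/", 1)[0] != project:
            return False, "repository outside robot's project"
        if action not in actions:
            return False, f"robot lacks '{action}' privilege"
        return True, "ok"

def demo():
    registry = RegistryAuthService()
    robot, token = registry.create_project("team-a")      # constructed sample projects
    _, other_token = registry.create_project("team-b")
    return [
        registry.login(robot, token, "team-a/nginx", "pull"),
        registry.login(robot, token, "team-a/nginx", "push"),
        registry.login(robot, token, "team-b/redis", "pull"),
        registry.login(robot, other_token, "team-a/nginx", "pull"),
        registry.login("robot$ghost", token, "team-a/nginx", "pull"),
    ]

if __name__ == "__main__":
    for result in demo():
        print(result)
```

Authentication and authorization fail separately here, so a valid token for one project never grants access to another project's repositories or to an action the robot was not given.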
Opening claim text (preview).
What is claimed is:
1. A method of logging in a user to a container image registry in a virtualized computing system, the container image registry managing container images for deploying containers in the virtualized computing system, the method comprising: receiving, at a credential manager in the virtualized computing system, a first login request from a credential helper executing in a client device, the first login request including single sign-on (SSO) credentials of the user, the virtualized computing system includes a host cluster having hosts, a virtualization layer executing on the hosts and supporting execution of virtual machines (VMs) thereon; sending, from the credential manager to the credential helper, a session token for the user in response to authentication of the SSO credentials; receiving, at the container image registry, a second login request from a client application executing in the client device, the second login request for an image access to the container image registry and including the session token, the container image registry executing in at least one VM of the VMs and including the credential manager; and authorizing, by the credential manager, the user as identified in the session token of the second login request for the image access in response to validation of the session token.
2. The method of claim 1, wherein the virtualized computing system includes a virtualization management server managing the host cluster, the virtualization layer, and the VMs, wherein the VMs execute the containers, wherein the virtualization management server executes an SSO service, and wherein the method further comprises: authenticating, by the credential manager in cooperation with the SSO service, the SSO credentials in the first login request.
3. The method of claim 2, wherein the virtualized computing system includes an orchestration control plane integrated with the virtualization layer, the orchestration control plane including a master server, wherein the credential manager comprises a first service executing in the container image registry and a second service executing in the master server, wherein the method comprises: receiving the first login request at the second service; authenticating, by the second service in cooperation with the SSO service, the SSO credentials in the first login request; receiving the session token from the second login request at the first service; and wherein the first service performs the step of authorizing the user as identified in the session token.
4. The method of claim 3, further comprising: validating, by the first service in cooperation with the second service, the session token prior to performing the step of authorizing the user as identified in the session token.
5. The method of claim 3, wherein the VMs include pod VMs managed by the orchestration control plane, the pod VMs including container engines supporting execution of the containers, and wherein the container image registry executes in at least one of the pod VMs and the master server executes in at least one of the VMs.
6. The method of claim 1, wherein the virtualized computing system includes a host cluster having hosts, a virtualization layer executing on the hosts and supporting execution of virtual machines (VMs) thereon, and a virtualization management server managing the host cluster, the virtualization layer, and the VMs, wherein the VMs execute the containers, wherein the virtualization management server executes the credential manager as part of an SSO platform, and wherein the method further comprises: authenticating, by the credential manager, the SSO credentials in the first login request.
7. A method of logging in an automation user to a container image registry in a virtualized computing system, the container image registry managing container images for deploying containers in the virtualized computing system, the method comprising: receiving, at a registry authentication/authorization (auth) service in the container image registry, a login request from a service executing in the virtualized computing system representing the automation user, the login request for image access to the container image registry and including an automation token, wherein the virtualized computing system includes a host cluster having hosts, a virtualization layer executing on the hosts and supporting execution of virtual machines (VMs) thereon, and an orchestration control plane integrated with the virtualization layer, wherein the orchestration control plane includes a master server that stores a secret having the automation token; obtaining, at the service, the automation token from the secret; authenticating the automation token as credentials of a robot account in the container image registry corresponding to the automation user; and authorizing the automation user as identified in the automation token of the login request in response to the robot account having privilege for the image access.
8. The method of claim 7, wherein the VMs include pod VMs managed by the orchestration control plane, the pod VMs including container engines supporting execution of containers that include the containers, wherein the service is an image service executing in the virtualization layer external to the VMs as an agent of the orchestration control plane, and wherein the image service receives the secret from the master server in response to deployment of a pod VM of the pod VMs.
9. The method of claim 8, wherein the master server manages deployment of the pod VM in response to a command by a single sign-on (SSO) user of an SSO platform executing in the virtualized computing system, the master server having authenticated and authorized the SSO user with the SSO platform.
10. The method of claim 8, wherein the master server manages a service account and manages deployment of the pod VM in response to a command from the service account, the master server having authenticated and authorized a user who created the service account.
11. The method of claim 7, wherein the container image registry generates the robot account and automation token in response to creation of a project that provides a logical container for a set of the container images, and wherein the master server associates the secret and the project with a namespace.
12. The method of claim 11, wherein the VMs include pod VMs managed by the orchestration control plane, the pod VMs including container engines supporting execution of the containers, wherein the service is an image service executing in the virtualization layer external to the VMs as an agent of the orchestration control plane, wherein the service receives the secret from the master server in response to deployment of a pod VM of the pod VMs, and wherein the master server manages deployment of the pod VM within the namespace in response to a command by either a single sign-on (SSO) user of an SSO platform executing in the virtualized computing system or a service account on the master server created by the SSO user.
13. A virtualized computing system, comprising: a host and a virtualization layer executing on a hardware platform of the host, the virtualization layer supporting execution of virtual machines (VMs), the VMs including pod VMs, the pod VMs including container engines supporting execution of containers; an orchestration control plane integrated with the virtualization layer, the orchestration control plane including a master server and an image service, the image service executing in the virtualization layer external to the VMs and configured as an agent of the master server; a container image registry c
by executing in a restricted environment, e.g. sandbox or secure virtual machine · CPC title
to a system of files or objects, e.g. local or distributed file system or database · CPC title
providing single-sign-on or federations · CPC title
where a single sign-on provides access to a plurality of computers · CPC title
Creating, deleting, cloning virtual machine instances · CPC title