Stubborn dog-with-a-bone that I am, I did more research, and hopefully this can put to bed my diversion of the thread (sorry), and maybe help others with a similar use case / workflow objective to mine :
Forgejo (official Cloudron AppStore) provides standard git source code functionality AND it has a built-in container registry functionality
so no need to consider changes to the official docker registry app for public pulls
forgejo supports private and public repos (which git.cloudron.io does not)
forgejo supports public image pulls (like hub.docker.com) but also multiple private containers (hub.docker.com only allows 1)
I can uninstall docker registry app and gitea/gitlab apps, multiple used for segregating cloudron community work from closed app dev, using Forgejo organization instead.
So the answer for my bandwidth-limited brain of 1 app for (almost) everything seems to be Forgejo (available today, no dev work).
However, @girish made valuable comment that hosting container images is a disk/network usage risk. Even for a small dev footprint like mine, this could be critical (let alone Cloudron scale).
I need to think & test out, but maybe Forgejo actions can automate container push to hub.docker.com, and do automated cleanup in the instance. So from dev point of view it's a single answer (Forgejo) with CI/CD offloading disk/network risks to hub.docker.com (or whatever).
