Passing the password/token on the command line is insecure and can
easily leak, e.g. via the `ps` command line tool. The here-string syntax
`<<<$var` avoids this problem.

While there fixed language that could be misread as
`CI_REGISTRY_PASSWORD` being a short-lived token. According to
https://docs.gitlab.com/ee/ci/jobs/ci_job_token.html#gitlab-cicd-job-token-security
the token is long-lifed and needs to be protected.