update readme

Signed-off-by: Jason Hall <jason@chainguard.dev>

README.md

@@ -5,13 +5,8 @@ This repo generates a container image that maximizes the number of CVEs in the i
 The result is a 148 KB image that reports as having almost _30,000 CVEs_. That's roughly one CVE for every 5 bytes of image data!
 
 ```
-$ time grype $(go run .) > /dev/null
-2023/11/12 11:07:09 wrote /lib/apk/db/installed
-2023/11/12 11:07:09 wrote /etc/os-release
-2023/11/12 11:07:09 wrote ttl.sh/maxcve@sha256:c43609f71b0bf2d3f317d6347291bc070c09aab40cdcae5a16b723ea596620ab
+$ grype ghcr.io/imjasonh/maxcve > /dev/null
  ✔ Vulnerability DB                [no update available]
- ✔ Loaded image                                                                ttl.sh/maxcve@sha256:c43609f71b0bf2d3f317d6347291bc070c09aab40cdcae5a16b723ea596620ab
- ✔ Parsed image                                                                              sha256:9ccc9244966be8bc6c3bc6f33d88a2bc062cfd21b72c055b70a33c922d09a91a
  ✔ Cataloged packages              [26573 packages]
  ✔ Scanned for vulnerabilities     [29345 vulnerability matches]
    ├── by severity: 1925 critical, 17158 high, 8845 medium, 400 low, 0 negligible (1017 unknown)
@@ -28,6 +23,12 @@ _Zero negligible vulns, nice!_
 
 _Real minimal base image for scale_
 
+### Development
+
+```
+go run . ttl.sh/maxcve
+```
+
 ### How it works
 
 To minimize size, the image doesn't actually contain any packages. In fact, it only contains two files:

main.go

@@ -12,6 +12,7 @@ import (
 	"os"
 	"strings"
 
+	"github.com/google/go-containerregistry/pkg/authn"
 	"github.com/google/go-containerregistry/pkg/name"
 	"github.com/google/go-containerregistry/pkg/v1/empty"
 	"github.com/google/go-containerregistry/pkg/v1/mutate"
@@ -113,7 +114,8 @@ HOME_URL="https://wolfi.dev"
 	if err != nil {
 		log.Fatal(err)
 	}
-	if err := remote.Write(ref, img); err != nil {
+	if err := remote.Write(ref, img,
+		remote.WithAuthFromKeychain(authn.DefaultKeychain)); err != nil {
 		log.Fatal(err)
 	}
 	d, err := img.Digest()