“The important detail is this www-authenticate header is telling OCI clients to send their user credentials to that https://ghrc.io/token API.”
Typosquat alert. Ghrc.io looks like a default nginx page but responds to container registry API calls with authentication headers pointing to their own token endpoint. One letter off from ghcr.io, the real GitHub Container Registry. Fat-finger the URL when configuring Docker or Kubernetes and you just sent your GitHub credentials to attackers. They can push malicious images to your repos or hijack your account. Check your configs.