I have a private registry and I want to allow worker nodes (running on Azure Kubernetes Services) to be able to pull images only from this registry.
Is there a way to allow worker nodes to only pull images from a specific private registry?
I would be surprised if the only way to achieve that is through complex firewall rules.
If you have a private registry, the Docker tags of images inside it must be prefixed by the registry hostname. If the prefix is not present, the command uses Docker's public registry located at registry-1.docker.io by default. As an example, if your registry hostname is docker.mycompany.net, the tag of the image should be docker.mycompany.net/{image-name}:{image-version}. Documentation on docker tag can be found here.
So you just have to use that full tag of the image, with the hostname prefix, in your container specs. For the scenario above it should look like this:
```yaml
containers:
- name: my-container
  image: docker.mycompany.net/{image-name}:{image-version}
  ports:
  - containerPort: 80
```
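As an added example (not code from the answer above), the following check applies the tagging rule that answer describes: it resolves each container image in a pod spec to the registry it would actually be pulled from, treating unqualified names as Docker's public registry, and reports any image that does not come from docker.mycompany.net. The function names and the sample pod spec are constructed here for illustration.

```python
# Registry the question wants to restrict pulls to (hostname from the answer above).
ALLOWED_REGISTRY = "docker.mycompany.net"
# Registry Docker falls back to when an image name has no hostname prefix.
DEFAULT_REGISTRY = "docker.io"


def registry_of(image: str) -> str:
    """Return the registry hostname an image reference resolves to.

    Docker treats the first path component as a registry only if it contains
    a '.' or ':' or is exactly 'localhost'; otherwise the whole name is
    unqualified (e.g. 'nginx:1.25' or 'mycompany/app:1.2') and is pulled
    from the public registry.
    """
    name = image.split("@", 1)[0]          # drop any @sha256:... digest
    first, sep, _ = name.partition("/")
    if not sep:                             # single component: never a registry
        return DEFAULT_REGISTRY
    if "." in first or ":" in first or first == "localhost":
        return first.lower()
    return DEFAULT_REGISTRY


def check_pod_images(pod: dict, allowed: str = ALLOWED_REGISTRY) -> list:
    """Return (container name, image, registry) for every container and
    initContainer whose image would NOT be pulled from `allowed`."""
    spec = pod.get("spec", {})
    violations = []
    for key in ("initContainers", "containers"):
        for c in spec.get(key, []):
            image = c.get("image", "")
            reg = registry_of(image)
            if reg != allowed:
                violations.append((c.get("name"), image, reg))
    return violations


# Constructed sample pod: one compliant image and two that silently resolve
# to the public registry (the second one looks namespaced but is not).
SAMPLE_POD = {
    "spec": {
        "initContainers": [{"name": "helper", "image": "mycompany/app:1.2"}],
        "containers": [
            {"name": "app", "image": "docker.mycompany.net/app:1.2"},
            {"name": "sidecar", "image": "nginx:1.25"},
        ],
    }
}

if __name__ == "__main__":
    for name, image, reg in check_pod_images(SAMPLE_POD):
        print(f"{name}: {image} would be pulled from {reg}")
```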
As far as I know, Kubernetes does not have the feature you are referring to.
You can read about Pull an Image from a Private Registry, which describes how to create a secret which holds the authorization token and how to use it.
On the other hand, I was able to find something in Docker called Content trust.
Content trust allows operations with a remote Docker registry to enforce client-side signing and verification of image tags. Content trust provides the ability to use digital signatures for data sent to and received from remote Docker registries. These signatures allow client-side verification of the integrity and publisher of specific image tags.
Currently, content trust is disabled by default. To enable it, set the DOCKER_CONTENT_TRUST environment variable to 1.
A link to the documentation is available here; you can also read about it in the Docker blog post A secure supply chain for Kubernetes, Part 2.