ci: configure podman registries.conf for HTTP registry

The host uses podman (not Docker) — the socket mounted in job containers
is /run/podman/podman.sock. Podman reads /etc/containers/registries.conf
for insecure registry config, which takes effect immediately without any
daemon restart.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

.gitea/workflows/ci.yml

@@ -142,14 +142,19 @@ jobs:
     runs-on: ubuntu-latest
     needs: [build]
     if: github.ref == 'refs/heads/main' && github.event_name == 'push'
-    container:
-      options: --privileged -v /var/run/docker.sock:/var/run/docker.sock
     env:
       REGISTRY: ${{ env.GITEA_REGISTRY }}
       OWNER: ${{ env.GITEA_OWNER }}
     steps:
       - uses: actions/checkout@v4
 
+      - name: Configure insecure registry
+        run: |
+          # Host uses podman — configure registries.conf for HTTP access
+          sudo mkdir -p /etc/containers
+          printf '[[registry]]\nlocation = "%s"\ninsecure = true\n' "${{ env.REGISTRY }}" \
+            | sudo tee /etc/containers/registries.conf
+
       - name: Login to Gitea container registry
         run: |
           echo "${{ secrets.PACKAGES_TOKEN }}" | docker login \