feat: recognize Forgejo and Gitea provider configuration

[mariusvniekerk]

Adds Forgejo and Gitea metadata and config parsing so Codeberg, Gitea.com, and self-hosted repos can be represented before provider sync is implemented.

[mariusvniekerk]

This change is part of the following stack:

• docs: plan Forgejo provider implementation #265
  • feat: add Forgejo and Gitea SDK client skeletons #267
    • feat: share Forgejo and Gitea provider core #268
      • feat: convert Forgejo and Gitea SDK records #269
        • feat: read Forgejo and Gitea through shared provider core #270
          • feat: start Forgejo and Gitea providers at runtime #271
            • feat: recognize Forgejo and Gitea provider configuration #266 ◀
              • test: cover Forgejo and Gitea repository imports #272
                • feat: expose Forgejo and Gitea repository imports #273
                  • test: add Forgejo and Gitea container fixtures #274
                  • feat: enable proven Forgejo and Gitea mutations #275
                  • docs: document Forgejo and Gitea setup #276
                  • feat: add gitealike Actions CI parity #281

_{Change managed by git-spice.}

[roborev-ci]

roborev: Combined Review (a518da0)

High-risk issue found: fallback Forgejo/Gitea token env vars may be used for auth without being included in session environment sanitization.

High

• internal/config/config.go:1046
TokenEnvNames only includes implicit Forgejo/Gitea default env vars when a repo has no token_env, but TokenForPlatformHost can still fall back to MIDDLEMAN_FORGEJO_TOKEN or MIDDLEMAN_GITEA_TOKEN when a repo-specific env var is configured but empty. Those default token env vars can therefore be used for auth while remaining unsanitized in launched session environments.

  Fix: Include possible fallback provider/default token env names independently of whether r.TokenEnv is set, while still adding the repo-specific env name.

---

Synthesized from 3 reviews (agents: codex, gemini | types: default, security)

[roborev-ci]

roborev: Combined Review (aa08bfb)

No Medium, High, or Critical issues were reported.

All review agents either found no issues or returned no findings.

---

Synthesized from 3 reviews (agents: codex, gemini | types: default, security)

[roborev-ci]

roborev: Combined Review (5487890)

No Medium, High, or Critical findings were reported.

All review agents that provided findings indicate the code is clean.

---

Synthesized from 3 reviews (agents: codex, gemini | types: default, security)

[roborev-ci]

roborev: Combined Review (0f40d24)

Runtime support is incomplete for the newly accepted Forgejo/Gitea platforms.

High

• internal/config/config.go:297
  Codeberg and Gitea URLs now normalize to forgejo/gitea, and those platforms are accepted as built-ins, but startup still only has provider factories for GitHub and GitLab. Repos using the newly recognized platforms can pass config validation and then fail at startup with unsupported platform "forgejo" or "gitea".
  Fix: Add Forgejo/Gitea provider factories or compatible provider mappings before accepting/infering these platforms, or reject them until runtime support exists.

Medium

• internal/config/config_test.go:775
  Coverage only verifies parsing and token lookup. This is a user-visible provider/data-flow change plus a token-sanitizer fix, but there is no end-to-end coverage proving startup, provider registration, SQLite/API flow, and environment sanitization work together.
  Fix: Add e2e coverage that starts the app with Forgejo/Gitea-style config and verifies runtime behavior, including stripping implicit provider token env vars from launched session environments.

---

Synthesized from 3 reviews (agents: codex, gemini | types: default, security)

[roborev-ci]

roborev: Combined Review (1d79f4f)

No Medium, High, or Critical issues were reported.

All review agents found the code clean or reported no findings.

---

Synthesized from 3 reviews (agents: codex, gemini | types: default, security)

[roborev-ci]

roborev: Combined Review (535775a)

No Medium, High, or Critical findings were reported.

All review agents found the code clean for reportable issues.

---

Synthesized from 3 reviews (agents: codex, gemini | types: default, security)

[roborev-ci]

roborev: Combined Review (3b4fa7d)

All reported findings are below medium severity, so there are no actionable PR comments to include.

---

Synthesized from 3 reviews (agents: codex, gemini | types: default, security)

[roborev-ci]

roborev: Combined Review (f978956)

Code review verdict: no Medium, High, or Critical findings to report.

The only reported finding was Low severity, so it is omitted per the review rules.

---

Synthesized from 3 reviews (agents: codex, gemini | types: default, security)