ci: move image build off-infra to GHA -> ghcr (ADR-0002)

Generated by infra/scripts/offinfra-onboard: GHA builds+tests on the
GitHub mirror, pushes ghcr.io/viktorbarzin/wealthfolio-sync, then triggers the
Woodpecker deploy (repo 0). Old in-cluster build pipeline
removed: .woodpecker/build.yml

Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>

.woodpecker/build.yml

@@ -1,45 +0,0 @@
-when:
-  event: push
-  branch: [main, master]
-
-clone:
-  git:
-    image: woodpeckerci/plugin-git
-    settings:
-      attempts: 5
-      backoff: 10s
-
-steps:
-  - name: lint-and-test
-    image: python:3.12-slim
-    commands:
-      - pip install --no-cache-dir "poetry==1.8.4"
-      - poetry install --no-interaction --no-root
-      - poetry run ruff check .
-      - poetry run mypy broker_sync tests
-      - poetry run pytest -q
-
-  - name: build-and-push
-    image: woodpeckerci/plugin-docker-buildx
-    depends_on:
-      - lint-and-test
-    settings:
-      # Image name is `wealthfolio-sync` to match the deployment in
-      # infra/stacks/wealthfolio/main.tf (CronJob `wealthfolio-sync`).
-      # The repo is called `broker-sync` because the source covers
-      # multiple brokers (Trading 212, Schwab, Fidelity, IMAP-CSV) —
-      # we just happen to publish it under the wealthfolio name since
-      # that's the consumer stack.
-      repo:
-        - forgejo.viktorbarzin.me/viktor/wealthfolio-sync
-      logins:
-        - registry: forgejo.viktorbarzin.me
-          username:
-            from_secret: forgejo_user
-          password:
-            from_secret: forgejo_push_token
-      dockerfile: Dockerfile
-      context: .
-      auto_tag: true
-      platforms:
-        - linux/amd64