Add insecure registry config and --tls-verify=false to buildah bud

The previous --tls-verify=false on login/push wasn't sufficient.
Register git.kimchi as an insecure registry and also skip TLS
verification during the image build step.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

.gitea/workflows/deploy.yaml

@@ -21,24 +21,16 @@ jobs:
 
       - name: Build and push container image
         run: |
-          set -ex
+          mkdir -p /etc/containers
+          printf '[registries.insecure]\nregistries = ["git.kimchi"]\n' > /etc/containers/registries.conf
 
           IMAGE_TAG="${{ env.IMAGE }}:sha-${GITHUB_SHA::8}"
           IMAGE_LATEST="${{ env.IMAGE }}:latest"
 
           buildah bud --tls-verify=false -f Containerfile -t "$IMAGE_TAG" -t "$IMAGE_LATEST" .
-
-          CREDS="${{ secrets.REGISTRY_USER }}:${{ secrets.REGISTRY_PASSWORD }}"
-
-          echo "=== debug: Www-Authenticate header ==="
-          curl -sk -I https://git.kimchi/v2/ | grep -i www-authenticate || true
-          echo ""
-
-          echo "=== buildah push tag ==="
-          buildah push --tls-verify=false --creds "$CREDS" "$IMAGE_TAG"
-
-          echo "=== buildah push latest ==="
-          buildah push --tls-verify=false --creds "$CREDS" "$IMAGE_LATEST"
+          buildah login --tls-verify=false "${{ env.REGISTRY }}" -u "${{ secrets.REGISTRY_USER }}" -p "${{ secrets.REGISTRY_PASSWORD }}"
+          buildah push --tls-verify=false "$IMAGE_TAG"
+          buildah push --tls-verify=false "$IMAGE_LATEST"
 
           echo "IMAGE_TAG=$IMAGE_TAG" >> "$GITHUB_ENV"