fix(test-env): replace Job with initContainer for runner registration

Problem: Job ran on every ArgoCD sync, creating duplicate runners in Gitea.
Solution:
- initContainer gets token + saves to PVC (/data/.registration-token)
- Runner container registers once, persists .runner file in PVC
- Subsequent restarts skip registration (idempotent)
- PVC runner-data (1Gi) persists registration across pod restarts
- Removed register-job.yaml, moved RBAC to rbac.yaml
- Runner waits for DinD before starting
- Stable runner name: test-env-runner
- Labels: edt + ubuntu-latest

test-env/gitea-runner/rbac.yaml

@@ -0,0 +1,34 @@
+# RBAC for runner registration initContainer
+# Allows reading gitea-admin secret and listing pods in gitea namespace
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: runner-registrar
+  namespace: test-env
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: test-env-gitea-reader
+rules:
+  - apiGroups: [""]
+    resources: ["secrets"]
+    resourceNames: ["gitea-admin"]
+    verbs: ["get"]
+  - apiGroups: [""]
+    resources: ["pods"]
+    verbs: ["get", "list"]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: test-env-gitea-reader
+subjects:
+  - kind: ServiceAccount
+    name: runner-registrar
+    namespace: test-env
+roleRef:
+  kind: ClusterRole
+  name: test-env-gitea-reader
+  apiGroup: rbac.authorization.k8s.io