OPC # 0009: Fix Worker gitea HttpClient missing token and base URL

ControlPlane.Worker/Program.cs

@@ -27,8 +27,14 @@ builder.Services.AddKeycloakAdminHttpClient(o =>
 // Custom admin client - handles realm creation, roles, role assignment (not in SDK)
 builder.Services.AddSingleton<KeycloakAdminClient>();
 
-// Named HttpClient for Gitea commit status API (self-signed cert)
-builder.Services.AddHttpClient("gitea").ConfigurePrimaryHttpMessageHandler(() =>
+// Named HttpClient for Gitea commit status API (self-signed cert + token auth)
+builder.Services.AddHttpClient("gitea", (sp, client) =>
+{
+    var cfg = sp.GetRequiredService<IConfiguration>();
+    client.BaseAddress = new Uri(cfg["Gitea:BaseUrl"] ?? "https://opc.clarity.test");
+    client.DefaultRequestHeaders.Authorization =
+        new System.Net.Http.Headers.AuthenticationHeaderValue("token", cfg["Gitea:Token"]);
+}).ConfigurePrimaryHttpMessageHandler(() =>
     new HttpClientHandler { ServerCertificateCustomValidationCallback = HttpClientHandler.DangerousAcceptAnyServerCertificateValidator });
 
 // opcdb for build/release history tracking