fix(cd): use NodePort 30022 for Gitea SSH in infra repo update

gitea.d-ma.be port 22 is rejected (NPM only proxies HTTP/HTTPS).
The runner runs on koala where the Gitea SSH NodePort 30022 is
reachable locally. Use SSH config override instead of ssh-keyscan.

.gitea/workflows/cd.yml

@@ -45,10 +45,15 @@ jobs:
           set -e
           trap 'rm -rf /tmp/infra-update; rm -f ~/.ssh/infra_deploy_key' EXIT
           IMAGE_TAG="${{ github.sha }}"
+          # Use internal Gitea SSH (runner is on koala — NodePort 30022 is reachable locally)
           mkdir -p ~/.ssh
           echo "${{ secrets.INFRA_DEPLOY_KEY }}" > ~/.ssh/infra_deploy_key
           chmod 600 ~/.ssh/infra_deploy_key
-          ssh-keyscan gitea.d-ma.be >> ~/.ssh/known_hosts 2>/dev/null
+          cat >> ~/.ssh/config << 'SSHEOF'
+Host gitea.d-ma.be
+  Port 30022
+  StrictHostKeyChecking no
+SSHEOF
 
           GIT_SSH_COMMAND="ssh -i ~/.ssh/infra_deploy_key -o IdentitiesOnly=yes" \
             git clone "${INFRA_REPO}" /tmp/infra-update