fix(ci): correct container image lifecycle and SSH key setup - container:build now pushes $CI_COMMIT_REF_SLUG (slug on branches, main on default branch) - container:tag:latest copies main→SHA and main→latest on default-branch pipeline - container:tag:gittag copies SHA→$CI_COMMIT_TAG on tag pipelines (preserves dots) - BOT_SSH_PRIVATE_KEY set via chromagoth group variable (Terraform) - Tag protection wildcard removed — specific semver patterns now work - Manual jobs (release:dev, pages on branches) are non-blocking Changes since 0.1.0: - fix(ci): correct container image lifecycle — build pushes slug, SHA only on main - fix(ci): SSH key now set via group variable, remove pre-commit allow_failure - ci: make release:dev and pages non-blocking on branches