Whitelist CI_PROJECT_DIR for git safe.directory in release beta

Summary

• Fixes the release beta job failing with fatal: detected dubious ownership in repository at '/builds/gitlab-runner'.
• Adds one line — git config --global --add safe.directory "$CI_PROJECT_DIR" — before the git describe call in the release beta job.

Why

The Kubernetes executor's init-permissions container runs as root; the build container runs as a different user. Git's CVE-2022-24765 protection refuses to operate on a working tree whose UID doesn't match the process UID. The build image recently picked up a Git version that enforces this, breaking every beta release pipeline. Scoping the whitelist to $CI_PROJECT_DIR keeps the bypass tight; the wildcard form was avoided deliberately.

release stable and other CI jobs were audited and do not invoke Git against the working tree, so this is the only change needed.

Closes #598 (closed)

Test plan

• Pipeline on this MR completes successfully (the release beta job won't run on a branch pipeline, but lint/unit jobs validate the YAML).
• After merge, the next main pipeline's release beta job succeeds and publishes the chart to the S3 beta repo.
• helm repo update gitlab-runner-beta on a clean client sees a new version with a <timestamp>-<count>-g<sha> suffix (format preserved).