Replaces inline docker login + metadata + build-push + tag-cleanup with the shared build-image composite action. Standardizes on CI_BOT_TOKEN (drops REGISTRY_PASSWORD).
Rewrites dnsPolicy+dnsConfig on ClusterFirst pods to distribute queries across 3 randomly-selected auth-dns nameservers with edns0/rotate/ndots:5. Includes Gitea CI workflow and README. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Donavan Fritz