🔒 Fix SSL certificate verification in Gitea client

Replace boolean SSL verification with certificate bundle usage to eliminate InsecureRequestWarning. Implements prioritized CA bundle detection from environment variables and project-local certificates.

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <noreply@anthropic.com>

app/services/gitea_client.py

@@ -16,7 +16,23 @@ class GiteaClient:
         self.api_base_url = os.getenv("GITEA_API_URL", "").rstrip("/")
         self.token = os.getenv("GITEA_API_TOKEN")
         self.username = os.getenv("GITEA_USERNAME")
-        self.verify_ssl = os.getenv("GITEA_VERIFY_SSL", "true").lower() == "true"
+        
+        # Configure SSL verification with certificate bundle
+        ssl_cert_file = os.getenv("SSL_CERT_FILE")
+        requests_ca_bundle = os.getenv("REQUESTS_CA_BUNDLE")
+        
+        # Use certificate bundle if available, otherwise fall back to boolean verification
+        if ssl_cert_file and os.path.exists(ssl_cert_file):
+            self.verify_ssl = ssl_cert_file
+        elif requests_ca_bundle and os.path.exists(requests_ca_bundle):
+            self.verify_ssl = requests_ca_bundle
+        else:
+            # Check for project-local certificate bundle
+            project_ca_bundle = os.path.join(os.path.dirname(os.path.dirname(os.path.dirname(__file__))), "certs", "mei_sheng_ca_bundle.pem")
+            if os.path.exists(project_ca_bundle):
+                self.verify_ssl = project_ca_bundle
+            else:
+                self.verify_ssl = os.getenv("GITEA_VERIFY_SSL", "true").lower() == "true"
         
         if not self.api_base_url:
             logger.warning("GITEA_API_URL is not configured. Gitea integration will not work.")