fix: resolve Woodpecker-Forgejo OAuth integration issues

- Enable Forgejo registration for OAuth users (DISABLE_REGISTRATION=false)
- Use public URL for Woodpecker OAuth redirects instead of internal hostname
- Add WOODPECKER_OPEN=true to allow new user registrations
- Bcrypt hash OAuth client secret before storing in database

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

files/stacks/docker-compose.ops.yml

@@ -50,7 +50,7 @@ services:
       - FORGEJO__server__SSH_PORT=22
       - FORGEJO__server__SSH_LISTEN_PORT=2222
       - FORGEJO__database__DB_TYPE=sqlite3
-      - FORGEJO__service__DISABLE_REGISTRATION=true
+      - FORGEJO__service__DISABLE_REGISTRATION=false
       - FORGEJO__service__ALLOW_ONLY_EXTERNAL_REGISTRATION=true
       - FORGEJO__webhook__ALLOWED_HOST_LIST=external,loopback,10.0.0.0/24
       - FORGEJO__security__INSTALL_LOCK=true
@@ -74,7 +74,8 @@ services:
     environment:
       - WOODPECKER_HOST=https://ci.$${DOMAIN}
       - WOODPECKER_FORGEJO=true
-      - WOODPECKER_FORGEJO_URL=http://forgejo:3000
+      - WOODPECKER_FORGEJO_URL=https://source.$${DOMAIN}
+      - WOODPECKER_OPEN=true
       - WOODPECKER_FORGEJO_CLIENT=$${WOODPECKER_FORGEJO_CLIENT}
       - WOODPECKER_FORGEJO_SECRET=$${WOODPECKER_FORGEJO_SECRET}
       - WOODPECKER_AGENT_SECRET=$${WOODPECKER_AGENT_SECRET}