feat: replace actions/checkout with manual git clone for Gitea compatibility

BREAKING CHANGE: Replace GitHub Actions checkout with explicit git clone

- Remove unreliable actions/checkout@v4 from all workflows
- Add manual git clone with HTTPS URL for deterministic behavior
- Explicit working directory control with 'cd repo' in each step
- Add debug verification steps to confirm repository context
- Fix npm install failures by ensuring correct working directory
- Update all 7 workflows: ci.yml, audit.yml, fix.yml, test.yml, security-scanning.yml, cli-level1-tests.yml, ci-cd.yml
- Use HTTPS clone URL for compatibility with Gitea runners
- Add 'rm -rf repo' to ensure clean clone each run

This resolves the issue where workflows were executing in hostexecutor directory
instead of repository workspace, causing npm install failures.

.gitea/workflows/security-scanning.yml

@@ -1,31 +1,38 @@
-name: debug
+name: security-scanning
 
 on:
+  push:
   workflow_dispatch:
 
 jobs:
-  debug:
+  audit:
     runs-on: debian
 
     steps:
-      - name: DEBUG BEFORE CHECKOUT
+      - name: Clone repository
         run: |
-          echo "=== BEFORE ==="
+          rm -rf repo
+          git clone https://gitea.bubuit.net/oib/aitbc.git repo
+
+      - name: Verify repository context
+        run: |
+          cd repo
+          echo "PWD:"
           pwd
+          echo "FILES:"
           ls -la
 
-      - name: Checkout
-        uses: actions/checkout@v4
-
-      - name: DEBUG AFTER CHECKOUT
+      - name: Install dependencies
         run: |
-          echo "=== AFTER ==="
-          pwd
-          ls -la
+          cd repo
+          npm install
 
-      - name: Find package.json
+      - name: Audit dependencies
         run: |
-          find . -name package.json || true
+          cd repo
+          npm audit || true
 
-      - name: Install deps
-        run: npm install --legacy-peer-deps
+      - name: Security scan
+        run: |
+          cd repo
+          npm audit --audit-level moderate || true