Update Docker Registry URLs to HTTPS endpoint (registry.michaelschiemer.de)

- Replace git.michaelschiemer.de:5000 (HTTP) with registry.michaelschiemer.de (HTTPS)
- Update all Ansible playbooks and configuration files
- Update CI/CD workflows to use HTTPS registry endpoint
- Update Docker Compose files with new registry URL
- Update documentation and scripts

Benefits:
- Secure HTTPS connection (no insecure registry config needed)
- Consistent use of HTTPS endpoint via Traefik
- Better security practices for production deployment

deployment/gitea-runner/README.md

@@ -112,10 +112,41 @@ ubuntu-22.04:docker://node:16-bullseye
 # Debian
 debian-latest:docker://debian:bullseye
 
+# PHP CI Image (optimized with PHP 8.5, Composer, Ansible pre-installed)
+# Build first: ./build-ci-image.sh
+php-ci:docker://php-ci:latest
+
 # Custom images from private registry
 ubuntu-php:docker://registry.michaelschiemer.de/php:8.3-cli
 ```
 
+**Using the PHP CI Image**:
+
+The `php-ci` image is pre-built with PHP 8.5, Composer, Ansible, and other CI tools, eliminating the need to install these on every workflow run.
+
+1. Build the CI image:
+   ```bash
+   ./build-ci-image.sh
+   ```
+
+2. Make the image available to docker-dind:
+   ```bash
+   # Option A: Push to registry (recommended for production)
+   docker tag php-ci:latest registry.michaelschiemer.de/ci/php-ci:latest
+   docker push registry.michaelschiemer.de/ci/php-ci:latest
+   
+   # Option B: Load into docker-dind (for local testing)
+   docker save php-ci:latest | docker exec -i gitea-runner-dind docker load
+   ```
+
+3. Update `.env` with the `php-ci` label (already included in example)
+
+4. Re-register runner:
+   ```bash
+   ./unregister.sh
+   ./register.sh
+   ```
+
 **Example Workflow Using Labels**:
 ```yaml
 # .gitea/workflows/test.yml