fix(deploy): remove broken init container, document registry push workaround

The Helm init container used /bin/RunProdServer which doesn't exist in IHP's
Nix Docker image (binary is at a Nix store path). Additionally, IHP v1.5's
RunProdServer starts the server after migrating — it never exits — so init
containers are the wrong pattern. IHP applies schema changes on startup.

Changes:
- Remove initContainers block from deployment.yaml entirely
- Set runMigrations: false as default in values.yaml
- Update RUNBOOK.md with correct skopeo push procedure (pre-fetch bearer token
  to work around Gitea's misconfigured token realm URL: port 80 vs actual 32166)
- Add note that the Nix image has no /bin/sh or /bin/RunProdServer wrapper

k3s registry auth: credentials added to /etc/rancher/k3s/registries.yaml and
iptables DNAT rule added on Railiance01 (92.205.130.254:80 → 32166) so the
ACME token realm redirect works. hub.coulomb.social DNS A record still needed.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

deploy/helm/inter-hub/templates/deployment.yaml

@@ -15,15 +15,6 @@ spec:
       labels:
         app: {{ .Release.Name }}
     spec:
-      initContainers:
-        {{- if .Values.runMigrations }}
-        - name: migrate
-          image: {{ .Values.image.repository }}:{{ .Values.image.tag }}
-          command: ["/bin/RunProdServer", "migrate"]
-          envFrom:
-            - secretRef:
-                name: {{ .Values.envFrom.secretRef }}
-        {{- end }}
       containers:
         - name: inter-hub
           image: {{ .Values.image.repository }}:{{ .Values.image.tag }}

deploy/helm/inter-hub/values.yaml

@@ -30,4 +30,4 @@ resources:
 envFrom:
   secretRef: inter-hub-env
 
-runMigrations: true
+runMigrations: false