feat: migrar a useAuthentik y configurar CI/CD con Gitea Actions

- Migrar de useAuth() a useAuthentik() para autenticación SSR
- Actualizar componentes UserMenu, AppSidebar y profile.vue
- Configurar docker-compose.yml con variables dinámicas
- Agregar Gitea Actions workflow para build y deploy automático
- Implementar hook de monitoreo de Gitea Actions
- Configurar secrets y variables para deploy seguro
- Actualizar configuración de Traefik con Authentik Forward Auth

.gitea/workflows/build-and-deploy.yml

@@ -0,0 +1,73 @@
+name: build-and-deploy
+
+on:
+  push:
+    branches: [ main, master ]
+
+jobs:
+#───────────────── build & push ─────────────────
+  build:
+    runs-on: docker
+    env:
+      REG: ${{ vars.REGISTRY_URL }}
+      APP_NAME: ${{ vars.APP_NAME }}
+    steps:
+      - uses: actions/checkout@v3
+      - uses: docker/setup-buildx-action@v2
+      - uses: docker/login-action@v2
+        with:
+          registry: ${{ vars.REGISTRY_URL }}
+          username: ${{ secrets.REGISTRY_USERNAME }}
+          password: ${{ secrets.REGISTRY_PASSWORD }}
+
+      - name: Build+push ${{ vars.APP_NAME }}
+        run: |
+          cd nuxt4-app
+          docker build -t $REG/${{ github.repository_owner }}/$APP_NAME:${{ github.sha }} -t $REG/${{ github.repository_owner }}/$APP_NAME:latest .
+          docker push $REG/${{ github.repository_owner }}/$APP_NAME:${{ github.sha }}
+          docker push $REG/${{ github.repository_owner }}/$APP_NAME:latest
+
+#───────────────── deploy ─────────────────
+  deploy:
+    needs: build
+    runs-on: docker
+    env:
+      REG: ${{ vars.REGISTRY_URL }}
+      REPO_OWNER: ${{ github.repository_owner }}
+      APP_NAME: ${{ vars.APP_NAME }}
+      APP_DOMAIN: ${{ vars.APP_DOMAIN }}
+      # Variables sensibles de entorno desde secrets
+      POSTGRES_PASSWORD: ${{ secrets.POSTGRES_PASSWORD }}
+      PGRST_DB_AUTHENTICATOR_PASSWORD: ${{ secrets.PGRST_DB_AUTHENTICATOR_PASSWORD }}
+      PGRST_JWT_SECRET: ${{ secrets.PGRST_JWT_SECRET }}
+      SUPABASE_URL: ${{ secrets.SUPABASE_URL }}
+      SUPABASE_SERVICE_ROLE_KEY: ${{ secrets.SUPABASE_SERVICE_ROLE_KEY }}
+      SUPABASE_ANON_KEY: ${{ secrets.SUPABASE_ANON_KEY }}
+      # Variables públicas desde vars
+      POSTGRES_USER: ${{ vars.POSTGRES_USER }}
+      POSTGRES_DB: ${{ vars.POSTGRES_DB }}
+      PGRST_DB_SCHEMA: ${{ vars.PGRST_DB_SCHEMA }}
+      PGRST_DB_ANON_ROLE: ${{ vars.PGRST_DB_ANON_ROLE }}
+      PGRST_OPENAPI_SERVER_PROXY_URI: ${{ vars.PGRST_OPENAPI_SERVER_PROXY_URI }}
+      NUXT_PUBLIC_POSTGREST_URL: ${{ vars.NUXT_PUBLIC_POSTGREST_URL }}
+      NUXT_PUBLIC_AUTHENTIK_URL: ${{ vars.NUXT_PUBLIC_AUTHENTIK_URL }}
+    steps:
+      - uses: actions/checkout@v3
+      - name: Login to registry
+        run: docker login ${{ vars.REGISTRY_URL }} -u ${{ secrets.REGISTRY_USERNAME }} -p ${{ secrets.REGISTRY_PASSWORD }}
+
+      - name: Info about environment
+        run: |
+          echo "ℹ️  Deploying ${{ vars.APP_NAME }}"
+          echo "   Domain: ${{ vars.APP_DOMAIN }}"
+          echo "   Image: ${{ vars.REGISTRY_URL }}/${{ github.repository_owner }}/${{ vars.APP_NAME }}:latest"
+          echo "   Network: principal"
+
+      - name: Pull fresh images used in compose
+        run: docker compose pull
+
+      - name: Clean up stack
+        run: docker compose --project-name $APP_NAME down
+
+      - name: Update stack
+        run: docker compose --project-name $APP_NAME up -d --remove-orphans --wait