feat: consolidate CI/CD pipeline with Harbor integration

- Merged 5 workflows into single main.yml
- Added Harbor registry support for local container storage
- Updated deployment script with Harbor login
- Enhanced webhook receiver with Harbor password env var
- Updated docker-compose.yml to use Harbor images
- Archived old workflow files for reference
- Added comprehensive workflow documentation

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>

docker-compose.yml

@@ -20,6 +20,7 @@ services:
       retries: 5
 
   api:
+    image: ${DOCKER_REGISTRY:-harbor.pkartchner.com}/${DOCKER_USERNAME:-basil}/basil-api:${IMAGE_TAG:-latest}
     build:
       context: .
       dockerfile: packages/api/Dockerfile
@@ -57,6 +58,7 @@ services:
       - traefik
 
   web:
+    image: ${DOCKER_REGISTRY:-harbor.pkartchner.com}/${DOCKER_USERNAME:-basil}/basil-web:${IMAGE_TAG:-latest}
     build:
       context: .
       dockerfile: packages/web/Dockerfile
@@ -69,10 +71,18 @@ services:
       - internal
     labels:
       - "traefik.enable=true"
+      # HTTP router (will redirect to HTTPS)
+      - "traefik.http.routers.basil-http.rule=Host(`basil.pkartchner.com`)"
+      - "traefik.http.routers.basil-http.entrypoints=http"
+      - "traefik.http.routers.basil-http.middlewares=redirect-to-https"
+      # HTTPS router
       - "traefik.http.routers.basil.rule=Host(`basil.pkartchner.com`)"
       - "traefik.http.routers.basil.entrypoints=https"
       - "traefik.http.routers.basil.tls.certresolver=letsencrypt"
+      - "traefik.http.routers.basil.middlewares=geoblock@file,secure-headers@file,crowdsec-bouncer@file"
+      # Service
       - "traefik.http.services.basil.loadbalancer.server.port=80"
+      - "traefik.docker.network=traefik"
 
 volumes:
   postgres_data: