sol: vault auth, gitea integration, search fixes

sol-config: added [vault] and [services.gitea] sections, fetch
allowlist (wttr.in, open-meteo, github), bumped context windows
to 200, updated system prompt with run_script docs and tool rules.

sol-deployment: added gitea admin credential env vars from
sol-secrets, automountServiceAccountToken for vault k8s auth.

vault-secrets: added gitea-admin-username and gitea-admin-password
templates to sol-secrets VSS.

base/matrix/sol-deployment.yaml

@@ -16,6 +16,14 @@ spec:
         app: sol
     spec:
       enableServiceLinks: false
+      automountServiceAccountToken: true
+      initContainers:
+        - name: fix-permissions
+          image: busybox
+          command: ["sh", "-c", "chmod -R 777 /data && mkdir -p /data/matrix-state && chmod 777 /data/matrix-state"]
+          volumeMounts:
+            - name: sol-data
+              mountPath: /data
       containers:
         - name: sol
           image: sol
@@ -39,6 +47,16 @@ spec:
                 secretKeyRef:
                   name: sol-secrets
                   key: mistral-api-key
+            - name: SOL_GITEA_ADMIN_USERNAME
+              valueFrom:
+                secretKeyRef:
+                  name: sol-secrets
+                  key: gitea-admin-username
+            - name: SOL_GITEA_ADMIN_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: sol-secrets
+                  key: gitea-admin-password
           volumeMounts:
             - name: sol-config
               mountPath: /etc/sol/sol.toml