Commit Graph

5 Commits

Author SHA1 Message Date
hikari 55fcab69a1 feat: add comprehensive nginx config test suite
Test nginx configuration / Static Analysis (pull_request) Failing after 4s
Test nginx configuration / nginx Syntax Check (pull_request) Successful in 22s
Security Scan and Upload / Security & DefectDojo Upload (pull_request) Successful in 1m28s
Replaces the obsolete test.sh (which referenced configs/prod.conf,
a file that no longer exists) with 12 static-analysis checks:

  1.  No deprecated TLS versions (TLSv1 / TLSv1.1)
  2.  No duplicate literal server_name values
  3.  Every sites-available conf has a sites-enabled symlink
  4.  No broken symlinks in sites-enabled
  5.  No orphaned sites-enabled symlinks
  6.  No HTTP-only server blocks (port 80 without port 443)
  7.  ssl_certificate / ssl_certificate_key counts match per file
  8.  Plain-HTTP proxy_pass targets are local only
  9.  All SSL cert paths use /etc/letsencrypt/live/
  10. ssl_certificate uses fullchain.pem, key uses privkey.pem
  11. No raw IP addresses as server_name
  12. conf.d contains only expected files

Adds .gitea/workflows/test.yml with two CI jobs: static-analysis
(runs test.sh, no nginx required) and syntax-check (installs
nginx-full, copies config, generates stub SSL certs for all
referenced letsencrypt paths, then runs nginx -t).
2026-03-03 16:06:18 -08:00
naomi e4455ab5ad feat: automated upload of .gitea/workflows/security.yml
Security Scan and Upload / Security & DefectDojo Upload (push) Successful in 58s
2025-12-17 23:26:02 +01:00
naomi 1e40524bee feat: automated upload of .gitea/workflows/security.yml
Security Scan / Security Audit (push) Failing after 6m58s
2025-12-12 03:37:48 +01:00
naomi 4b68a2d320 feat: automated upload of .gitea/workflows/security.yml
Security Scan / Trivy Security Scan (push) Failing after 4m47s
2025-12-11 20:11:59 +01:00
nhcarrigan 5e5cce5470 Initial commit
2025-01-28 17:31:06 -08:00