fix(ci): use REGISTRY_TOKEN for build-and-push registry login (CAR-1330)

Squashed fix swaps github.token → secrets.REGISTRY_TOKEN at .gitea/workflows/ci.yml:121, matching the proven-green cartsnitch/auth pattern (CAR-1009). Parity fix with uat PR #49 to prevent reintroduction on next dev→uat promotion.

Note: includes 3 absorbed lint/typecheck commits from PR #48 (already merged to dev via #48) to unblock CI on this branch. No app code changes; one-line CI config swap only.

QA: PR #50 approved by @cs_charlie (review id 4616); CI run 3443 lint/typecheck/test all green.
Co-authored-by: Barcode Betty <32+cs_betty@noreply.git.farh.net>
Co-committed-by: Barcode Betty <32+cs_betty@noreply.git.farh.net>

src/cartsnitch_api/cache.py

@@ -35,7 +35,7 @@ class CacheClient:
     async def get(self, key: str) -> str | None:
         if not self._client:
             return None
-        value = await self._client.get(key)
+        value: str | bytes | None = await self._client.get(key)
         if value is None:
             return None
         if isinstance(value, bytes):

src/cartsnitch_api/middleware/rate_limit.py

@@ -121,10 +121,6 @@ if settings.rate_limit_redis_enabled:
         logger.warning("Failed to connect to Redis for rate limiting, using in-memory: %s", e)
         _use_redis = False
 
-_public_limiter: RateLimitBackend
-_auth_limiter: RateLimitBackend
-_auth_strict_limiter: RateLimitBackend
-
 if _use_redis and _redis_client:
     _public_limiter = RedisSlidingWindow(
         _redis_client, settings.rate_limit_requests, settings.rate_limit_window_seconds