Vendored RPMs currently upload to Gitea's per-distro RPM registry. Publish
them instead to the artifactapi per-distro rpm-vendor local repos (real yum
repos; repodata regenerates automatically), keeping them separate from
in-house software (rpm-internal). The build jobs are unchanged (build-all
per distro).
- .woodpecker/deploy-*.yaml: retarget the deploy-rpms step from
git.unkin.net/api/packages/... to a PUT against artifactapi
/api/v2/remotes/rpm-vendor-<distro>/files/ (unauthenticated, like the other
repos), with an existence probe to skip re-uploads. Drops the
DRONECI_PASSWORD secret.
- tools/build: repoint check_package_exists from the Gitea packages API to
the artifactapi rpm-vendor repo so build-all's skip check matches the real
publish target; verify artifactapi's internal TLS cert against the OS CA
bundle; carry arch on PackageInfo so the probed filename matches the RPM.