ci: Q2 Chunk 4 — Gitea Actions CI/CD + Docker 生产化

- 创建 .gitea/workflows/ci.yml 四 job 并行流水线
  (rust-check, rust-test, frontend-build, security-audit)
- Docker Compose 端口不暴露到宿主机（使用 expose）
- Redis 添加 requirepass 密码认证
- 添加容器资源限制 (1 CPU / 512MB)
- Redis URL 格式更新为带密码认证

docker/docker-compose.yml

@@ -8,8 +8,8 @@ services:
       POSTGRES_USER: ${POSTGRES_USER:-erp}
       POSTGRES_PASSWORD: ${POSTGRES_PASSWORD:-erp_dev_2024}
       POSTGRES_DB: ${POSTGRES_DB:-erp}
-    ports:
-      - "${POSTGRES_PORT:-5432}:5432"
+    expose:
+      - "5432"
     volumes:
       - postgres_data:/var/lib/postgresql/data
     healthcheck:
@@ -17,19 +17,30 @@ services:
       interval: 5s
       timeout: 5s
       retries: 5
+    deploy:
+      resources:
+        limits:
+          cpus: "1.0"
+          memory: 512M
 
   redis:
     image: redis:7-alpine
     container_name: erp-redis
-    ports:
-      - "${REDIS_PORT:-6379}:6379"
+    command: redis-server --requirepass ${REDIS_PASSWORD:-erp_redis_dev}
+    expose:
+      - "6379"
     volumes:
       - redis_data:/data
     healthcheck:
-      test: ["CMD", "redis-cli", "ping"]
+      test: ["CMD", "redis-cli", "-a", "${REDIS_PASSWORD:-erp_redis_dev}", "ping"]
       interval: 5s
       timeout: 5s
       retries: 5
+    deploy:
+      resources:
+        limits:
+          cpus: "1.0"
+          memory: 512M
 
 volumes:
   postgres_data: