ci: install internal CA from IPA instead of skipping SSL verification

Fetches the Kindred CA cert from ipa.kindred.internal and installs it
into the system trust store before checkout. Removes GIT_SSL_NO_VERIFY.

.gitea/workflows/ci.yaml

@@ -26,7 +26,6 @@ on:
 env:
   PIP_CACHE_DIR: /tmp/pip-cache-solver
   TORCH_INDEX: https://download.pytorch.org/whl/cpu
-  GIT_SSL_NO_VERIFY: "true"
 
 jobs:
   # ---------------------------------------------------------------------------
@@ -35,6 +34,12 @@ jobs:
   lint:
     runs-on: ubuntu-latest
     steps:
+      - name: Trust internal CA
+        run: |
+          curl -sk https://ipa.kindred.internal/ipa/config/ca.crt \
+            -o /usr/local/share/ca-certificates/kindred-internal.crt
+          update-ca-certificates
+
       - name: Checkout
         uses: https://github.com/actions/checkout@v4
 
@@ -54,6 +59,12 @@ jobs:
   type-check:
     runs-on: ubuntu-latest
     steps:
+      - name: Trust internal CA
+        run: |
+          curl -sk https://ipa.kindred.internal/ipa/config/ca.crt \
+            -o /usr/local/share/ca-certificates/kindred-internal.crt
+          update-ca-certificates
+
       - name: Checkout
         uses: https://github.com/actions/checkout@v4
 
@@ -75,6 +86,12 @@ jobs:
   test:
     runs-on: ubuntu-latest
     steps:
+      - name: Trust internal CA
+        run: |
+          curl -sk https://ipa.kindred.internal/ipa/config/ca.crt \
+            -o /usr/local/share/ca-certificates/kindred-internal.crt
+          update-ca-certificates
+
       - name: Checkout
         uses: https://github.com/actions/checkout@v4
 
@@ -99,6 +116,12 @@ jobs:
       (github.event_name == 'push' && github.ref == 'refs/heads/main')
     needs: [test]
     steps:
+      - name: Trust internal CA
+        run: |
+          curl -sk https://ipa.kindred.internal/ipa/config/ca.crt \
+            -o /usr/local/share/ca-certificates/kindred-internal.crt
+          update-ca-certificates
+
       - name: Checkout
         uses: https://github.com/actions/checkout@v4