TLS Docker jobs with Forgejo Actions (systemd)

A guide to configuring TLS-enabled Docker-in-Docker (DIND) containers with Forgejo runner running via systemd, including certificate mounting and secure job isolation.