feat(deploy): improve ssh key handling and deployment security

- Remove hardcoded SSH private key file path from workflow
- Use proper SSH directory structure (~/.ssh/) for key storage
- Add known_hosts file for improved SSH security
- Move environment variables to dedicated env block
- Remove StrictHostKeyChecking=no for better security
- Update deploy script to use proper SSH key path
- Maintain deployment path configuration via environment variables

.gitea/workflows/deploy.yaml

@@ -17,8 +17,6 @@ jobs:
   test:
     runs-on: ubuntu-latest
     steps:
-      - run: echo "${{ secrets.SSH_PRIVATE_KEY }}" > /private.key
-      - run: chmod 600 /private.key
       - run: |
           export HUGO_VERSION=$(curl --silent -I https://github.com/gohugoio/hugo/releases/latest | grep location | sed 's|.*tag/||' | tr -d '\r')
           export HUGO_VERSION_SHORT=$(echo ${HUGO_VERSION} | sed 's/v//')
@@ -27,10 +25,17 @@ jobs:
       - uses: actions/checkout@v4
         with:
           submodules: true
-      - run: APP_VERSION=latest make
       - run: |
-          export SSH_PRIVATE_KEY=/private.key
-          export SSH_USERNAME=${{ secrets.SSH_USERNAME }}
-          export DEPLOYMENT_HOST=${{ secrets.DEPLOYMENT_HOST }}
-          export DEPLOYMENT_PATH=${{ secrets.DEPLOYMENT_PATH }}
+          mkdir -p ~/.ssh/
+          echo "$SSH_PRIVATE_KEY" > ~/.ssh/id_ed25519
+          chmod 600 ~/.ssh/id_ed25519
+          echo "$SSH_KNOWN_HOSTS" > ~/.ssh/known_hosts
+          make
           make deploy
+        env:
+          SSH_USERNAME: ${{ vars.SSH_USERNAME }}
+          SSH_PRIVATE_KEY: ${{ secrets.SSH_PRIVATE_KEY }}
+          SSH_KNOWN_HOSTS: ${{ vars.SSH_KNOWN_HOSTS }}
+          DEPLOYMENT_HOST: ${{ vars.DEPLOYMENT_HOST }}
+          DEPLOYMENT_PATH: ${{ vars.DEPLOYMENT_PATH }}
+          APP_VERSION: ${{ vars.GITHUB_REF_NAME }}