Add HTTPS configuration with cert-manager

- cert-manager namespace
- ClusterIssuer for Let's Encrypt (prod and staging)
- HTTPS Ingress for ArgoCD, Gitea, and test-app
- Automatic certificate management

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>

manifests/03-clusterissuer.yaml

@@ -0,0 +1,34 @@
+apiVersion: cert-manager.io/v1
+kind: ClusterIssuer
+metadata:
+  name: letsencrypt-prod
+spec:
+  acme:
+    # Let's Encrypt production server
+    server: https://acme-v02.api.letsencrypt.org/directory
+    # Email for certificate expiration notifications
+    email: admin@jpc.net3w.com
+    # Secret to store ACME account private key
+    privateKeySecretRef:
+      name: letsencrypt-prod
+    # HTTP-01 challenge
+    solvers:
+    - http01:
+        ingress:
+          class: traefik
+---
+apiVersion: cert-manager.io/v1
+kind: ClusterIssuer
+metadata:
+  name: letsencrypt-staging
+spec:
+  acme:
+    # Let's Encrypt staging server (for testing)
+    server: https://acme-staging-v02.api.letsencrypt.org/directory
+    email: admin@jpc.net3w.com
+    privateKeySecretRef:
+      name: letsencrypt-staging
+    solvers:
+    - http01:
+        ingress:
+          class: traefik