Migrate SonarQube to sn.e-cosplay.fr, rotate badge token, drop OWASP Dependency-Check, update deploy host

- .env, .env.test, ansible/env.local.j2: point SONARQUBE_URL to https://sn.e-cosplay.fr
- ansible/vault.yml, .env: rotate sonarqube_badge_token to new value
- .gitea/workflows/ci.yml, sonarqube.yml: remove OWASP Dependency-Check steps and force sonar.host.url via CLI args
- sonar-project.properties: drop dependencyCheck report paths
- .gitea/workflows/deploy.yml: switch SSH target from 34.90.187.4 to 152.228.222.133

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

.gitea/workflows/sonarqube.yml

@@ -92,25 +92,13 @@ jobs:
           ./hadolint docker/php/dev/Dockerfile -f json > hadolint-dev.json || true
           ./hadolint docker/php/prod/Dockerfile -f json > hadolint-prod.json || true
 
-      - name: OWASP Dependency-Check
-        uses: dependency-check/Dependency-Check_Action@main
-        with:
-          project: 'e-ticket'
-          path: '.'
-          format: 'JSON,HTML'
-          args: >
-            --scan composer.lock
-            --scan package.json
-            --out .
-            --disableAssembly
-        continue-on-error: true
-
       - name: SonarQube Scan
         uses: sonarsource/sonarqube-scan-action@v5
         with:
           args: >
+            -Dsonar.host.url=https://sn.e-cosplay.fr
             -Dsonar.qualitygate.wait=true
             -Dsonar.scm.forceReloadAll=true
         env:
           SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
-          SONAR_HOST_URL: https://sn.esy-web.dev
+          SONAR_HOST_URL: https://sn.e-cosplay.fr