feat: deploy Renovate Bot via CronJob for automatic dependency updates

- CronJob every 6h, concurrencyPolicy: Forbid
- Platform gitea at git.chemavx.xyz, repos: researchowl, polymarket-bot, n8n
- packageRules: major=PR only, patch=automerge, private registry disabled
- Secret placeholder for Gitea token (fill in before applying ArgoCD app)
- ArgoCD Application with automated sync

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

renovate/cronjob-renovate.yaml

@@ -0,0 +1,45 @@
+apiVersion: batch/v1
+kind: CronJob
+metadata:
+  name: renovate
+  namespace: renovate
+spec:
+  schedule: "0 */6 * * *"
+  concurrencyPolicy: Forbid
+  successfulJobsHistoryLimit: 3
+  failedJobsHistoryLimit: 3
+  jobTemplate:
+    spec:
+      backoffLimit: 0
+      template:
+        spec:
+          restartPolicy: Never
+          containers:
+          - name: renovate
+            image: ghcr.io/renovatebot/renovate:latest
+            imagePullPolicy: Always
+            env:
+            - name: RENOVATE_TOKEN
+              valueFrom:
+                secretKeyRef:
+                  name: renovate-token
+                  key: RENOVATE_TOKEN
+            - name: RENOVATE_CONFIG_FILE
+              value: /opt/renovate/config.js
+            - name: LOG_LEVEL
+              value: info
+            resources:
+              requests:
+                cpu: 100m
+                memory: 256Mi
+              limits:
+                cpu: "1"
+                memory: 1Gi
+            volumeMounts:
+            - name: config
+              mountPath: /opt/renovate
+              readOnly: true
+          volumes:
+          - name: config
+            configMap:
+              name: renovate-config