feat(api): add manual sync endpoint for on-demand refresh

[jonnii]

POST /api/v1/repos/{repoID}/sync forces an immediate refresh of one repo. It is
the manual complement to the webhook and interval refreshes, and the primary way
to pull remote changes on a local server that GitHub cannot reach with a webhook
(webhooks are server-mode only; locally the fsnotify watcher covers local edits
and this covers on-demand remote pulls).

The refresh path is safety-aware:

• Managed mirror: synchronous mirror-fetch + rebuild (detached HEAD, safe).
• Local -cwd working repo: re-read on-disk refs only, never mirror-fetch — that
  would detach the operator working tree HEAD (safety-invariants.md).

The route is session-gated like submit and refused on a public read-only server,
so it is never an anonymous fetch trigger; on a local auth-disabled server it
stays reachable.

---

Stack

• PR refactor(web): remove sample alice/bob stacks from repo provider #1313
  • PR feat(server): drive deploy posture from STACKIT_ENV, not $PORT #1314
    • PR refactor(api): extract Syncer.SyncRepo for per-repo sync triggers #1315
      • PR feat(api): add GitHub webhook signature + push parsing helper #1316
        • PR feat(api): add GitHub webhook receiver for evented refresh #1317
          • PR feat(api): coalesce webhook-driven syncs per repo #1318
            • PR feat(api): add manual sync endpoint for on-demand refresh #1319 👈
              • PR feat(server): default sync interval to 5m and document evented refresh #1320
                • PR feat(server): index repos by owner/repo for GitHub-style routes #1322
                  • PR feat(server): serve repos at /repos/{owner}/{repo} path routes #1323
                  • PR feat(web): GitHub-style path URLs for repos, branches, stacks, PRs #1324

_{Auto-generated by Stackit}