Gitea: Missing repository-unit authorization on issue-template API endpoints

An attacker who has access to a private repository through any single repository unit (e.g., an organization team granted only the Issues unit, with no Code access) can read the issue-template and issue-config files from that repository's Code default branch [ref_id=1][ref_id=2]. The attacker sends a GET request to `/api/v1/repos/{owner}/{repo}/issue_templates` (or `/issue_config` or `/issue_config/validate`) with a valid token that grants access to the repository but not the Code unit. The response returns the parsed contents of `.gitea/ISSUE_TEMPLATE/*` and `issue_config.yaml`, bypassing the unit-level authorization that should require Code-unit permission [CWE-862].

The three API endpoints `GET /repos/{owner}/{repo}/issue_templates`, `GET /repos/{owner}/{repo}/issue_config`, and `GET /repos/{owner}/{repo}/issue_config/validate` in `routers/api/v1/api.go:1433-1437` are registered without the `reqRepoReader(unit.TypeCode)` authorization middleware that every sibling Code-tree endpoint carries. The handlers in `routers/api/v1/repo/repo.go` (`GetIssueTemplates` at line 1179, `GetIssueConfig` at line 1209) read `.gitea/ISSUE_TEMPLATE/*` and `issue_config.yaml` from the default Code branch and return their contents via the API response.

The fix adds `reqRepoReader(unit.TypeCode)` as a middleware to the three unprotected endpoints in `routers/api/v1/api.go`, matching the guard already present on sibling Code-tree endpoints like `/languages` and `/licenses` [ref_id=1][ref_id=2]. This ensures that only callers who have been granted the Code unit permission for the repository can invoke these handlers. Without this guard, the enclosing group's `repoAssignment()` check only verifies access to *any* repository unit, which is insufficient for endpoints that read Code-tree content.