docs: drop "forge" jargon for concrete wording

We use Gitea, not an abstract forge. Reword the pre-existing research
and PRD docs: the generic "Forge-API gate"/"forge tokens" become
"Git-host-API gate"/"Git-host tokens" (the gate still spans Gitea /
GitHub / GitLab), "Git/forge history" -> "Git/Gitea history", and the
KNOWN_FORGE_HOSTS / forge: manifest-field examples -> KNOWN_GIT_HOSTS
/ git_host:. Meaning preserved; only the word "forge" is dropped.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

docs/research/secret-minimization-over-dlp.md

@@ -148,7 +148,7 @@ telemetry to `statsig.anthropic.com` — are documented in
 [`agent-credential-proxy-landscape.md`](agent-credential-proxy-landscape.md)
 §Anthropic / Claude Code.
 
-**Forge-API gate (Gitea / GitHub / GitLab).** Holds the PAT;
+**Git-host-API gate (Gitea / GitHub / GitLab).** Holds the PAT;
 exposes a narrow REST surface. Token auth on all three is
 stateless `Authorization`-header injection — no CSRF, no request
 signing, no per-request nonce — so one proxy generalizes by
@@ -221,7 +221,7 @@ Add a `secret: true` flag (or a `secrets:` sibling of `env:`) that:
   AWS_SECRET_ACCESS_KEY").
 - Refuses to launch if `egress.allowlist` contains any host that
   is not source-controlled by the user (heuristic: not on a
-  built-in `KNOWN_FORGE_HOSTS` list).
+  built-in `KNOWN_GIT_HOSTS` list).
 - Forces an explicit acknowledgement that a credential is being
   placed into the bottle rather than behind a gate.
 
@@ -280,7 +280,7 @@ In priority order:
    ([`agent-credential-proxy-landscape.md`](agent-credential-proxy-landscape.md)
    §Recommended). Removes the highest-value secret and closes the
    passthrough hole as a side effect.
-2. **Forge-API gate** (same doc, same section — one proxy
+2. **Git-host-API gate** (same doc, same section — one proxy
    generalizes across Gitea / GitHub / GitLab by config).
 3. **Egress data budget** in pipelock — small lift, large damage
    bound.