fix(ci): target self-hosted runner for SonarQube jobs

[dancodingbr]

Problem

All SonarQube CI jobs were timing out because GitHub's cloud runners cannot reach SonarQube on the private production server (Connect timed out).

Solution

Route both sonar jobs to a self-hosted runner (labeled sonarqube) installed directly on the production server, which can reach SonarQube at localhost:9000.

Changes

• sonar-analysis-backend: runs-on → [self-hosted, sonarqube]
• sonar-analysis-frontend: runs-on → [self-hosted, sonarqube] + replaced sonarsource/sonarqube-scan-action (Docker-based — container cannot reach host localhost) with a direct sonar-scanner CLI call (must be installed on the runner — see setup docs)

Server setup required (one-time)

# Java 21
sudo apt-get install -y temurin-21-jdk

# sonar-scanner CLI
SCANNER_VERSION=6.2.1.4610
wget -q "https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/sonar-scanner-cli-${SCANNER_VERSION}-linux-x64.zip" -O /tmp/sonar-scanner.zip
sudo unzip -q /tmp/sonar-scanner.zip -d /opt/
sudo ln -sf /opt/sonar-scanner-${SCANNER_VERSION}-linux-x64/bin/sonar-scanner /usr/local/bin/sonar-scanner

Secrets update required

Change SONAR_HOST_URL secret from the server's public IP to http://localhost:9000.

Test plan

• Self-hosted runner appears as Online in repo Settings → Actions → Runners
• SonarQube (api-gateway) and other backend jobs run on prod-server (not ubuntu-latest)
• SonarQube (frontend) runs on prod-server and calls sonar-scanner directly
• All 7 projects appear in SonarQube dashboard at http://localhost:9000

🤖 Generated with Claude Code