add budget alert and nightly OS-update reboot

- $10/month project budget via google_billing_budget, alerts to admin_email
- forgejo-reboot.timer at 04:30 UTC applies staged COS updates
- relocate cloud-init scripts to /var/lib/google/forgejo (COS noexec on /var)
- runbook: updated zone, script paths, added "How updates work" section

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

cloud-init/user-data.yaml.tpl

@@ -123,6 +123,27 @@ write_files:
       [Install]
       WantedBy=timers.target
 
+  - path: /etc/systemd/system/forgejo-reboot.service
+    content: |
+      [Unit]
+      Description=Apply staged COS updates by rebooting
+
+      [Service]
+      Type=oneshot
+      ExecStart=/sbin/shutdown -r +0
+
+  - path: /etc/systemd/system/forgejo-reboot.timer
+    content: |
+      [Unit]
+      Description=Nightly reboot (lands 30 min after Watchtower so container updates apply first)
+
+      [Timer]
+      OnCalendar=*-*-* 04:30:00
+      Persistent=true
+
+      [Install]
+      WantedBy=timers.target
+
 runcmd:
   - mkdir -p /mnt/disks/forgejo-data
   - if ! blkid /dev/disk/by-id/google-forgejo-data; then mkfs.ext4 -F /dev/disk/by-id/google-forgejo-data; fi
@@ -130,3 +151,4 @@ runcmd:
   - mkdir -p /mnt/disks/forgejo-data/forgejo /mnt/disks/forgejo-data/caddy
   - systemctl enable --now forgejo-stack.service
   - systemctl enable --now forgejo-backup.timer
+  - systemctl enable --now forgejo-reboot.timer