fix: infra: CI broken on main — missing WOODPECKER_PLUGINS_PRIVILEGED server env + misplaced .woodpecker/ops-filer.yml in project repo (#779)

Part 1: Add WOODPECKER_PLUGINS_PRIVILEGED to woodpecker service environment
in lib/generators.sh, defaulting to plugins/docker, overridable via .env.
Document the new key in .env.example.

Part 2: Delete .woodpecker/ops-filer.yml from project repo — it belongs in
the ops repo and references secrets that don't exist here. Full ops-side
filer setup deferred until sprint PRs need it.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

.woodpecker/ops-filer.yml

@@ -1,36 +0,0 @@
-# .woodpecker/ops-filer.yml — Sub-issue filer pipeline (#764)
-#
-# Triggered on push to main of the ops repo after a sprint PR merges.
-# Parses sprints/*.md for ## Sub-issues blocks and files them on the
-# project repo via filer-bot (FORGE_FILER_TOKEN).
-#
-# NOTE: This pipeline runs on the ops repo. It must be registered in the
-# ops repo's Woodpecker project. The filer script (lib/sprint-filer.sh)
-# lives in the code repo and is cloned into the workspace.
-#
-# Idempotency: safe to re-run — each sub-issue carries a decomposed-from
-# marker that the filer checks before creating.
-
-when:
-  branch: main
-  event: push
-
-steps:
-  - name: file-subissues
-    image: alpine:3
-    commands:
-      - apk add --no-cache bash curl jq
-      # Clone the code repo to get the filer script
-      - AUTH_URL=$(printf '%s' "${FORGE_URL}/disinto-admin/disinto.git" | sed "s|://|://token:${FORGE_FILER_TOKEN}@|")
-      - git clone --depth 1 "$AUTH_URL" /tmp/code-repo
-      # Run filer against all sprint files in the ops repo workspace
-      - bash /tmp/code-repo/lib/sprint-filer.sh --all sprints/
-    environment:
-      FORGE_FILER_TOKEN:
-        from_secret: forge_filer_token
-      FORGE_URL:
-        from_secret: forge_url
-      FORGE_API:
-        from_secret: forge_api
-      FORGE_API_BASE:
-        from_secret: forge_api_base