Slice 4 — User can 'git push'; web file viewer renders the commit

[safayavatsal]

What to build

Make Repositories writable over HTTPS and readable in the web UI.

• HTTPS Git transport accepts git push from an authenticated session, writes through GitRepository.CreateBranch and the underlying git-receive-pack.
• Permission check: only the Repository owner may push at this stage. PermissionChecker is introduced here as a deep module with table-driven tests.
• Web file viewer: a Repository home page shows the file tree at HEAD of the default branch, with a branch switcher. Clicking a file shows its contents (text only — binary handling is post-MVP).
• README.md, if present at repo root, is rendered below the file tree on the Repository home page.

Acceptance criteria

• A user can git clone, add a commit, and git push to their own Repository.
• A user pushing to someone else's Repository receives a clean permission denial.
• The web UI file tree reflects the pushed state within seconds (no caching pitfalls).
• The branch switcher shows all branches; switching changes the displayed tree.
• README.md at repo root renders as Markdown on the Repository home page.
• PermissionChecker has table-driven tests covering the (actor × repo-owner × action) matrix for read and push.

Blocked by

• Slice 3 — User can create an empty Repository and 'git clone' it over HTTPS #3