There are a few ways to do it, but you don't use Caddy for SSH.
- Host SSH on port 22, Forgejo on a different port. Expose both ports to the internet.
- Host SSH on a different port, Forgejo on port 22. Expose both ports to the internet.
- Host SSH on port 22, Forgejo on port 2222. Only 22 exposed to the internet. Change the authorized_keys of the git user on the host to automatically call the internal Forgejo SSH app.
The last option is how I run my Gitea instance; authorized keys is managed by Gitea, so you don't really need to do anything high-maintenance.
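With the third option, every key in the host git user's authorized_keys can reach host sshd on port 22, so an entry without the forced command is a plain login as that user. The following check is an added example, not part of the original comment and not Forgejo or Gitea code; the shim path `/usr/local/bin/forgejo-shim` and the sample keys are assumptions made up for illustration.

```python
import re

KEY_TYPE = re.compile(r"^(ssh-(rsa|dss|ed25519)|ecdsa-sha2-\S+|sk-\S+)$")
OPTION = re.compile(r'([A-Za-z0-9-]+)(?:="((?:\\.|[^"\\])*)")?,?')
# sshd matches option names case-insensitively; "restrict" implies all four.
REQUIRED = {"no-port-forwarding", "no-agent-forwarding", "no-x11-forwarding", "no-pty"}

def parse_options(line):
    """Return the options field of one authorized_keys entry as a dict."""
    if KEY_TYPE.match(line.split(None, 1)[0]):
        return {}  # entry starts with the key type: no options at all
    opts, i = {}, 0
    while i < len(line) and not line[i].isspace():
        m = OPTION.match(line, i)
        if not m:
            raise ValueError("unparsable options field")
        opts[m.group(1).lower()] = m.group(2)
        i = m.end()
    return opts

def audit(text, shim):
    """List (line number, problem) for entries that bypass the forced command."""
    findings = []
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        try:
            opts = parse_options(line)
        except ValueError as exc:
            findings.append((no, str(exc)))
            continue
        cmd = opts.get("command")
        if cmd is None:
            findings.append((no, "no forced command"))
        elif not cmd.startswith(shim + " "):
            findings.append((no, "unexpected forced command"))
        if "restrict" not in opts and not REQUIRED.issubset(opts):
            findings.append((no, "forwarding/pty not disabled"))
    return findings

# Constructed sample; key material and the shim path are placeholders.
SAMPLE = """\
# git user's authorized_keys
command="/usr/local/bin/forgejo-shim key-1",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty ssh-ed25519 AAAAEXAMPLE1 alice
ssh-ed25519 AAAAEXAMPLE2 admin-laptop
command="/bin/bash",restrict ssh-rsa AAAAEXAMPLE3 bob
command="/usr/local/bin/forgejo-shim key-4" ssh-ed25519 AAAAEXAMPLE4 carol
"""

if __name__ == "__main__":
    for no, problem in audit(SAMPLE, "/usr/local/bin/forgejo-shim"):
        print(f"line {no}: {problem}")
```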