[CT-26] Write integration tests for rate limiting

[mftee]

Problem

The rate limiter (governor crate) is configured in the application but its behaviour under load is never tested. An incorrectly configured rate limiter could silently allow unlimited requests or block all traffic.

Proposed Solution

Write integration tests for rate limiting behaviour inside contract/module/tests/rate_limit_tests.rs.

Acceptance Criteria

• Test: sending 10 rapid requests to POST /verify from the same IP all return 200 (within the allowed limit)
• Test: the 11th request within the rate limit window returns 429 Too Many Requests
• Test: the 429 response includes a Retry-After header with a positive integer value
• Test: requests from different IP addresses are rate-limited independently (one IP at limit does not block another)
• Tests configure a low limit (e.g. 10 requests per second) specifically for the test environment to keep tests fast
• All test files live inside contract/module/tests/