Implement rate limiting per user and per API key

[Smartdevs17]

Description

No rate limiting exists making the API vulnerable to abuse. Implement distributed rate limiting with per-user and per-key counters.

Acceptance Criteria

• Sliding window rate limiter using Redis
• Per-API-key and per-user rate limits
• Tier-based limits (free, pro, enterprise)
• Rate limit headers (X-RateLimit-Remaining, X-RateLimit-Reset)
• Graceful 429 with Retry-After
• Rate limit analytics dashboard

Technical Scope

• backend/services/
• src/middleware/
• Edge: distributed counter accuracy, clock skew, rate limit bypass via multiple keys

[Solaristicsolar1]

@Solaristicsolar1 has applied to work on this issue as part of the Stellar Wave Program's 5th wave.

I’d like to work on this issue because I’m interested in backend security and API reliability. I’ve worked with authentication, middleware, and request handling before, and I’d love to help implement proper rate limiting for both users and API keys to improve system stability.

ℹ️ Repo Maintainers: To accept this application, review their application or assign @Solaristicsolar1 to this issue.