
feat: implement configurable API rate limiting middleware (#110) #165

Open
deekshu15 wants to merge 2 commits into ArgusoftOpen:main from deekshu15:feature/api-rate-limiting-110

Conversation

@deekshu15

Closes #110

Changes Made

  • Added RateLimitingFilter.java — servlet filter using Bucket4j
  • Added RateLimitConfig.java — registers the filter for /api/* endpoints
  • Global limit: 100 requests/min per IP (configurable via RATE_LIMIT_GLOBAL)
  • Sensitive endpoints (/login, /users, /oauth): 10 req/min per IP (configurable via RATE_LIMIT_SENSITIVE)
  • Returns proper 429 JSON response when limit is exceeded
  • Logs all violations with IP address and path
  • Added configuration to root-config.properties

@devaanshSingh
Collaborator

@deekshu15

  • The default configurations should be configured in the database rather than handled in the codebase. There is a module named system configurations in the project for such values.
  • Same goes for the sensitive endpoints.
  • Logging should also be persisted into the database.

@deekshu15
Author

Hi @devaanshSingh, thank you for the feedback! I've made the following changes:

  1. Rate limit configurations (global limit, sensitive limit) are now stored
    in the rate_limit_config database table instead of the properties file.
  2. Sensitive endpoints are now stored in the rate_limit_sensitive_endpoints
    table and fetched dynamically from the database.
  3. Rate limit violations are now persisted to the rate_limit_violation_log
    table in the database.

Migration script added as V21__rate_limit_config_and_logs.sql

Please review the updated changes. Thank you!
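
The admission logic the PR description lays out (per-IP buckets, a stricter tier for the sensitive paths, a 429 JSON response, one violation record per rejected request) together with the follow-up reply (limits and sensitive paths coming from the database, violations written back to it), as an added example that is not part of this PR or of the Argusoft code base. The class and method names, the sample IP and paths, and the JSON body shape are assumptions; a small hand-written token bucket stands in for Bucket4j so the snippet compiles with no dependencies (Java 16+ for records), and the servlet wiring is left out so only the decision logic is shown.

```java
import java.time.Duration;
import java.util.List;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.CopyOnWriteArrayList;
import java.util.function.LongSupplier;

/**
 * Added example, not the PR's code: per-IP, two-tier request admission.
 * The values the PR stores in rate_limit_config / rate_limit_sensitive_endpoints
 * are passed in as plain constructor arguments here (assumed shape).
 */
public class RateLimitDemo {

    /** Greedy-refill token bucket: 'capacity' tokens per 'period', refilled continuously.
     *  Stands in for the Bucket4j bucket the real filter uses. */
    static final class TokenBucket {
        private final long capacity;
        private final long periodNanos;
        private final LongSupplier clock;   // injectable so the demo can run on a fake clock
        private double tokens;
        private long lastRefillNanos;

        TokenBucket(long capacity, Duration period, LongSupplier clock) {
            this.capacity = capacity;
            this.periodNanos = period.toNanos();
            this.clock = clock;
            this.tokens = capacity;
            this.lastRefillNanos = clock.getAsLong();
        }

        synchronized boolean tryConsume() {
            long now = clock.getAsLong();
            tokens = Math.min(capacity, tokens + (now - lastRefillNanos) * (double) capacity / periodNanos);
            lastRefillNanos = now;
            if (tokens < 1.0) return false;
            tokens -= 1.0;
            return true;
        }
    }

    /** What the filter would send back: HTTP status plus JSON body. */
    record Decision(int status, String body) {}

    /** One row of the rate_limit_violation_log table the follow-up reply describes (assumed columns). */
    record Violation(String ip, String path, long atNanos) {}

    static final class RateLimiter {
        private final long globalLimit;
        private final long sensitiveLimit;
        private final List<String> sensitivePrefixes;
        private final LongSupplier clock;
        private final Map<String, TokenBucket> buckets = new ConcurrentHashMap<>();
        final List<Violation> violations = new CopyOnWriteArrayList<>(); // would be flushed to the DB

        RateLimiter(long globalLimit, long sensitiveLimit, List<String> sensitivePrefixes, LongSupplier clock) {
            this.globalLimit = globalLimit;
            this.sensitiveLimit = sensitiveLimit;
            this.sensitivePrefixes = List.copyOf(sensitivePrefixes);
            this.clock = clock;
        }

        boolean isSensitive(String path) {
            return sensitivePrefixes.stream().anyMatch(path::startsWith);
        }

        /** 'ip' must be the peer address, or a forwarding header only when the proxy that sets it is trusted. */
        Decision handle(String ip, String path) {
            boolean sensitive = isSensitive(path);
            long limit = sensitive ? sensitiveLimit : globalLimit;
            // Separate budget per tier: exhausting /login does not lock the client out of the rest of /api/*
            String key = (sensitive ? "sensitive:" : "global:") + ip;
            TokenBucket bucket = buckets.computeIfAbsent(key, k -> new TokenBucket(limit, Duration.ofMinutes(1), clock));
            if (bucket.tryConsume()) {
                return new Decision(200, "{\"ok\":true}");
            }
            violations.add(new Violation(ip, path, clock.getAsLong()));
            return new Decision(429, "{\"error\":\"rate_limit_exceeded\",\"retry_after_seconds\":60}");
        }
    }

    public static void main(String[] args) {
        long[] fakeNow = {0L};   // constructed clock so the run is deterministic
        RateLimiter limiter = new RateLimiter(100, 10,
                List.of("/api/login", "/api/users", "/api/oauth"), () -> fakeNow[0]);
        for (int i = 1; i <= 11; i++) {   // 10 succeed, the 11th is rejected and logged
            Decision d = limiter.handle("10.0.0.1", "/api/login");
            System.out.println("login #" + i + " -> " + d.status() + " " + d.body());
        }
        fakeNow[0] += Duration.ofSeconds(6).toNanos();   // 10 tokens/min => one token every 6 s
        System.out.println("after 6 s -> " + limiter.handle("10.0.0.1", "/api/login").status());
        System.out.println("non-sensitive path, same IP -> " + limiter.handle("10.0.0.1", "/api/items").status());
        System.out.println("violations to persist: " + limiter.violations.size());
    }
}
```

Two points worth checking in the real filter: the per-IP bucket map grows without bound unless entries are evicted (a cache with expiry, as commonly paired with Bucket4j, avoids an attacker filling memory with one request per spoofed address), and the IP used as the key must not be taken from X-Forwarded-For unless the deployment's proxy is the only thing that can set it, otherwise the limit is trivially bypassed and the violation log records an address the client chose.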



Development

Successfully merging this pull request may close these issues.

TASK: API Rate Limiting

2 participants