feat: rate limits, migration CI, event E2E tests, and production deploy docs

[Nanle-code]

Summary

This PR addresses four related backend hardening items in one release:

• Tune rate limiter and add per-route overrides #101 — Per-route rate limiting (global, auth, admin, internal) with env-driven limits and trusted IP / X-Internal-Token bypass; documented in the README; unit tests for stricter auth limits and allowlist behavior.
• Add Prisma migration CI job and safe deploy checklist #100 — migration-smoke CI job that runs prisma migrate deploy against an isolated DB, checks migration status, and runs npm run smoke; scripts/apply-migration.sh for safe roll-forward deploys.
• Add end-to-end tests for event listener and processing pipeline #98 — E2E tests for the event listener pipeline (mocked RPC + in-memory Prisma): normal processing, deduplication, DLQ failure path and retry, and listener poll/cursor advance.
• Document secrets management and production deployment checklist #99 — docs/PRODUCTION_DEPLOYMENT.md covering secret managers, rotation for JWT_SEED / WALLET_ENCRYPTION_KEY / STELLAR_AGENT_SECRET_KEY, CI/CD injection, deploy checklist, health/readiness, and migration rollback.

Test plan

• npm test (415 tests)
• npm run lint
• CI migration-smoke job passes on the PR
• npm run smoke against a migrated staging DB (optional manual check)

Closes #98
Closes #99
Closes #100
Closes #101

[drips-wave]

@Nanle-code Great news! 🎉 Based on an automated assessment of this PR, the linked Wave issue(s) no longer count against your application limits.

You can now already apply to more issues while waiting for a review of this PR. Keep up the great work! 🚀

Learn more about application limits