Security: ensure global and per-route rate-limiting and abuse protection

[gelluisaac]

Description: Ensure unauthenticated endpoints and critical endpoints have rate limiting protections; verify rate-limiter-flexible is applied consistently.

• Scope: packages/backend middleware and routes.
• Expected behavior: Rate-limits applied with sensible defaults and whitelisting for internal services.
• Current behavior: Rate-limiter library present but audit required.
• Steps to reproduce: Inspect middleware and test endpoints.
• Acceptance criteria: All public endpoints have rate-limits and tests validate throttling behavior.
• Priority: high
• Files/components affected: packages/backend/src/middleware
• Recommended implementation steps:
  1. Add centralized rate-limiter middleware and unit tests.
  2. Configure per-route limits and exemptions.

[francisdouglas-ux]

@francisdouglas-ux has applied to work on this issue as part of the Stellar Wave Program's 5th wave.

Can you assign me this issue to fix?

ℹ️ Repo Maintainers: To accept this application, review their application or assign @francisdouglas-ux to this issue.

[sweetesty]

@sweetesty has applied to work on this issue as part of the Stellar Wave Program's 5th wave.

Hi please can I work on this issue

ℹ️ Repo Maintainers: To accept this application, review their application or assign @sweetesty to this issue.