perf: cache API key validation

[Genmin]

Summary

• add a bounded in-memory TTL cache for active MongoDB API-key validation results keyed by SHA-256 key hash
• avoid repeated MongoDB find_one/update_one calls while a key is cached, keeping last_used fresh in the returned copy and refreshing MongoDB on cache miss/expiry
• clear the validation cache when API keys are created, revoked, or renamed so same-process changes take effect immediately
• add focused tests for cache hits, cache expiry, and inactive/missing keys

Why

Authenticated endpoints call validate_api_key on every request. Before this change, each request paid for both a MongoDB lookup and a last_used write. The cache keeps successful validations hot for a short bounded window while preserving existing behavior for invalid keys and in-memory fallback mode.

Fixes #135.

Validation

• python3 -m pytest -o addopts='' tests/test_api_key_store.py -q
• python3 -m py_compile src/database/api_key_store.py tests/test_api_key_store.py
• git diff --check

Note: the repo's default pytest addopts require pytest-cov in the environment; the targeted test was run with addopts disabled because pytest-cov is not installed in this checkout.