Adds a fixed-window rate limiter (default 60 req/60s per IP) to all
public account endpoints (AccountResource, ChallengeResource,
OfficialChallengeResource). Implemented as a JAX-RS @NameBinding
ContainerRequestFilter in the shared security module.
IP is resolved from X-Forwarded-For > X-Real-IP > "unknown".
Load-test traffic can bypass via X-Gatling-Secret header matched
against the optional nowchess.rate-limit.gatling-secret config.
Exceeded requests receive HTTP 429 with a warn-level log.
Closes NCS-65
https://knockoutwhist.youtrack.cloud/issue/NCS-65
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Janis