Add rate limiting to protect against DDoS

[chapati23]

Description

Implements HTTP rate limiting to mitigate potential DoS attacks.

• Add global rate limiting via @nestjs/throttler (10 req/s, 50 req/10s, 100 req/min)
• Cache health endpoint responses (30s TTL) to prevent payload amplification
• Configure Express to trust proxy headers for correct client IP detection on Cloud Run
• Replace Jest with Vitest for faster test execution

Context

The health endpoint is somewhat vulnerable to DoS as each request triggers 5+ external API calls (Blockstream, Blockchain.info, RPC nodes, etc.) without caching.

Key Changes

File	Change
src/app.module.ts	ThrottlerModule with 3-tier rate limiting
src/main.ts	trust proxy for Cloud Run load balancer
src/api/health/health.controller.ts	30s response caching
vitest.config.ts	New test runner setup

How to test

1. Verify rate limiting works:

   # After deploying to preview, run this to trigger rate limit
   for i in {1..15}; do curl -s -o /dev/null -w "%{http_code} " https://<preview-url>/api/v1/health; done
   # Should see some 429 responses after ~10 requests

2. Verify health caching:

   # First request populates cache, second should be instant
   time curl https://<preview-url>/api/v1/health
   time curl https://<preview-url>/api/v1/health  # Should be faster

3. Run tests locally:

   pnpm test

4. Code review focus:

   • Rate limit thresholds in src/app.module.ts - are 10/s, 50/10s, 100/min appropriate?
   • Health cache TTL (30s) in src/api/health/health.controller.ts