May 13, 2026

Per-route rate limits

Every public API route now enforces rate limits via a shared rateLimit() helper. Burst traffic no longer puts your bot at risk of runaway cost.

Every public-facing API route now enforces rate limits via a shared rateLimit() helper. Limits are applied per IP and per API key separately, so a shared IP (e.g. a corporate NAT) doesn't accidentally cap unrelated users.

Default limits:

  • /api/chat — 60 requests/minute per bot (matches embed widget use)
  • /api/v1/* — 120 requests/minute per API key
  • Auth and webhook routes — separate, tighter limits

When a request is rate-limited, the API returns a 429 Too Many Requests response with a Retry-After header. The embed widget handles this gracefully and shows a "give me a moment" message instead of a blank error.
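An added sketch (not the project's rateLimit() helper) of separate per-key and per-IP counting, with a 429 and Retry-After once a budget is spent. It assumes a fixed one-minute window and that a request carrying an API key is counted against the key rather than the IP; createLimiter, check and demo are hypothetical names, and the keys and address are constructed.

```javascript
// Added illustration; not the project's rateLimit() helper.
// Assumption: a request with an API key is counted against that key,
// and a request without one is counted against its source IP.
const WINDOW_MS = 60_000; // the limits on this page are per minute

function createLimiter(limit, now = Date.now) {
  const buckets = new Map(); // bucket id -> { start, count }

  return function check({ ip, apiKey }) {
    // Prefixed namespaces so a key string can never collide with an IP string.
    const id = apiKey ? `key:${apiKey}` : `ip:${ip}`;
    const t = now();
    let b = buckets.get(id);
    if (!b || t - b.start >= WINDOW_MS) {
      b = { start: t, count: 0 }; // new window for this identity
      buckets.set(id, b);
    }
    if (b.count >= limit) {
      // Whole seconds until this window resets, rounded up, never below 1.
      const wait = Math.max(1, Math.ceil((b.start + WINDOW_MS - t) / 1000));
      return { status: 429, headers: { "Retry-After": String(wait) } };
    }
    b.count += 1;
    return { status: 200, headers: {} };
  };
}

// Constructed scenario: two API keys behind one NAT address (documentation IP).
function demo() {
  let clock = 0; // injected clock so the result is deterministic
  const check = createLimiter(120, () => clock); // /api/v1/* default
  const nat = "203.0.113.7";
  let last;
  for (let i = 0; i < 121; i++) last = check({ ip: nat, apiKey: "key-A" });
  const other = check({ ip: nat, apiKey: "key-B" }); // same IP, other key
  clock = 45_000;
  const later = check({ ip: nat, apiKey: "key-A" }); // still inside window
  clock = 60_000;
  const reset = check({ ip: nat, apiKey: "key-A" }); // window rolled over
  return { last, other, later, reset };
}
```

An in-memory map like this is per process and never evicts idle buckets, so a multi-instance deployment needs a shared store with expiry. The per-IP path is only as trustworthy as the source of the address, which should come from the connection or a proxy header set by infrastructure you control.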

Commit: 7d105f5