path: root/internal/handler/websocket/nip11.go
author: bndw <ben@bdw.to>, 2026-02-14 21:53:14 -0800
committer: bndw <ben@bdw.to>, 2026-02-14 21:53:14 -0800
commit: 32ca0fba5108d0dc2c7415f36e55f031d5a0562e
tree: ff91309ef9af7d0ec8c9b5bd5b6f39f073d4be55 /internal/handler/websocket/nip11.go
parent: e647880669b79cd968231cf85dc037a18e8bfd9c
feat: add rate limiting to WebSocket connections

WebSocket clients were completely unprotected from abuse. Add RateLimiter interface to WebSocket handler and enforce limits on EVENT and REQ messages.

- Add RateLimiter interface with Allow(identifier, method) method
- Track client IP in connState (proxy-aware via X-Forwarded-For)
- Check rate limits in handleEvent and handleReq
- Use authenticated pubkey as identifier, fallback to IP
- Share same rate limiter instance with gRPC
- Add getClientIP() helper that checks proxy headers first

Critical security fix for production deployment. Without this, any client could spam unlimited events/subscriptions via WebSocket.
Diffstat (limited to 'internal/handler/websocket/nip11.go')
0 files changed, 0 insertions, 0 deletions
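
The keying scheme the commit message describes (pubkey first, IP fallback, proxy-aware client IP), sketched as an added example that is not the project's code. The names `budget`, `clientIP` and `limiterKey`, the trusted-proxy set and all addresses are assumptions constructed for illustration; here `X-Forwarded-For` is honoured only when the direct peer is in that set, because a directly connected client can set the header itself.

```go
package main

import (
	"fmt"
	"net"
	"net/http"
	"strings"
	"sync"
)

type budget struct { // hypothetical stand-in limiter: max calls per identifier+method
	mu   sync.Mutex
	max  int
	used map[string]int
}

func (b *budget) Allow(identifier, method string) bool {
	b.mu.Lock()
	defer b.mu.Unlock()
	b.used[identifier+"|"+method]++
	return b.used[identifier+"|"+method] <= b.max
}

// clientIP uses the rightmost X-Forwarded-For entry only if the peer is a trusted proxy.
func clientIP(r *http.Request, trusted map[string]bool) string {
	peer, _, err := net.SplitHostPort(r.RemoteAddr)
	if err != nil {
		peer = r.RemoteAddr
	}
	xff := strings.Split(r.Header.Get("X-Forwarded-For"), ",")
	if ip := net.ParseIP(strings.TrimSpace(xff[len(xff)-1])); trusted[peer] && ip != nil {
		return ip.String()
	}
	return peer
}

// limiterKey prefers the authenticated pubkey and falls back to the client IP.
func limiterKey(pubkey, ip string) string {
	if pubkey != "" {
		return "pk:" + pubkey
	}
	return "ip:" + ip
}

func main() {
	lim := &budget{max: 2, used: map[string]int{}}
	r := &http.Request{RemoteAddr: "203.0.113.9:4000", Header: http.Header{"X-Forwarded-For": {"10.0.0.1"}}}
	key := limiterKey("", clientIP(r, nil)) // constructed request, untrusted peer: header ignored
	fmt.Println(key, lim.Allow(key, "EVENT"), lim.Allow(key, "EVENT"), lim.Allow(key, "EVENT"))
}
```

The stand-in limiter never resets its counts; a production limiter would refill over time, which is independent of how the identifier is chosen.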