
Add Rate Limiting and Security Hardening Module #44

@Mkalbani

Description


Implement a security module that applies rate limiting, request throttling, and HTTP security headers across the API. LogiQuest's on-chain integrations and scoring system make it a target for abuse — bots farming rewards, brute-forcing logins, or spamming puzzle submissions. This module enforces limits globally and per-route to keep the API fair and resilient.

Acceptance Criteria

  • A security module is scaffolded at src/security/
  • @nestjs/throttler is configured with global rate limits (e.g. 100 req/min per IP)
  • Auth endpoints (/auth/login, /auth/register) have stricter limits (e.g. 10 req/min)
  • helmet is applied globally to set secure HTTP headers
  • CORS is configured with an allowlist of approved origins via env config
  • Rate limit errors return 429 with a Retry-After header
  • Throttle limits are overridable per route using a decorator
  • Unit tests cover global limit enforcement, per-route overrides, and 429 response shape
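The acceptance criteria above, worked through as an added example that is not LogiQuest's code and not the internals of @nestjs/throttler or helmet: a self-contained TypeScript fixed-window limiter with a global default, a per-route override registry standing in for the throttle decorator, the 429 plus Retry-After decision shape, and a CORS allowlist parsed from an env string. The limits, routes, client IPs and the `CORS_ORIGINS` variable name are assumptions made for the example.

```typescript
// Added example, not LogiQuest's own code and not @nestjs/throttler internals:
// a fixed-window rate limiter keyed per (client IP, route), a per-route override
// registry standing in for a throttle decorator, a 429 + Retry-After decision
// shape, and a CORS allowlist parsed from an env string. All limits, routes and
// the CORS_ORIGINS variable name are assumptions made for the example.

export interface RateLimitRule {
  limit: number;       // max requests per window
  ttlSeconds: number;  // window length in seconds
}

export interface LimitDecision {
  status: 200 | 429;
  remaining: number;
  headers: Record<string, string>;
}

interface WindowState {
  count: number;
  resetAt: number; // epoch ms at which the window resets
}

export class RateLimiter {
  private readonly windows = new Map<string, WindowState>();
  private readonly routeRules = new Map<string, RateLimitRule>();

  // `now` is injectable so tests can drive the clock deterministically.
  constructor(
    private readonly globalRule: RateLimitRule,
    private readonly now: () => number = () => Date.now()
  ) {}

  // Stand-in for a per-route decorator: register a stricter (or looser) rule.
  override(route: string, rule: RateLimitRule): void {
    this.routeRules.set(route, rule);
  }

  ruleFor(route: string): RateLimitRule {
    return this.routeRules.get(route) ?? this.globalRule;
  }

  // Decide whether a request from `ip` to `route` may proceed. Counting per
  // (ip, route) mirrors the per-handler tracking a throttler guard performs.
  check(ip: string, route: string): LimitDecision {
    const rule = this.ruleFor(route);
    const key = `${ip}|${route}`;
    const t = this.now();
    let w = this.windows.get(key);
    if (w === undefined || t >= w.resetAt) {
      w = { count: 0, resetAt: t + rule.ttlSeconds * 1000 };
      this.windows.set(key, w);
    }
    const base: Record<string, string> = { 'X-RateLimit-Limit': String(rule.limit) };
    if (w.count >= rule.limit) {
      // Retry-After is whole seconds and never 0, so well-behaved clients back off.
      const retryAfter = Math.max(1, Math.ceil((w.resetAt - t) / 1000));
      return {
        status: 429,
        remaining: 0,
        headers: { ...base, 'X-RateLimit-Remaining': '0', 'Retry-After': String(retryAfter) },
      };
    }
    w.count += 1;
    const remaining = rule.limit - w.count;
    return {
      status: 200,
      remaining,
      headers: { ...base, 'X-RateLimit-Remaining': String(remaining) },
    };
  }
}

// Parse a comma-separated allowlist such as
// CORS_ORIGINS="https://app.example,https://admin.example" (assumed variable name).
// Entries are trimmed, empties dropped, and later compared exactly (no wildcards).
export function parseCorsAllowlist(envValue: string | undefined): Set<string> {
  return new Set(
    (envValue ?? '')
      .split(',')
      .map((o) => o.trim())
      .filter((o) => o.length > 0)
  );
}

// Exact-match check for the Origin header. A missing Origin is not allowed
// through this path; non-browser clients simply receive no CORS headers.
export function isOriginAllowed(allowlist: Set<string>, origin: string | undefined): boolean {
  return origin !== undefined && allowlist.has(origin);
}
```

In the NestJS wiring this issue describes, the global rule would go into `ThrottlerModule.forRoot`, the stricter auth rule onto the `/auth/login` and `/auth/register` handlers via the throttle decorator, and `isOriginAllowed` into the `origin` callback of `app.enableCors`; helmet is registered with `app.use(helmet())` and is not modelled here. The injectable clock is what makes the window rollover and the `Retry-After` value unit-testable without sleeping.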
