Add rate-limiting for authentication endpoints and health check feature

- Introduced rate-limiting to `/auth/*` routes with configurable limits using `SlowAPI`.
- Added `/health` endpoint for service monitoring and load balancer health checks.
- Updated `requirements.txt` to include `SlowAPI` for rate limiting.
- Implemented tests for rate-limiting and health check functionality.
- Enhanced configuration and security with updated environment variables, pinned dependencies, and validation adjustments.
- Provided example usage and extended coverage in testing.

backend/requirements.txt

@@ -12,10 +12,8 @@ alembic>=1.14.1
 psycopg2-binary>=2.9.9
 asyncpg>=0.29.0
 aiosqlite==0.21.0
-# Security and authentication
-python-jose>=3.4.0
-passlib>=1.7.4
-bcrypt>=4.1.2
+
+# Environment configuration
 python-dotenv>=1.0.1
 
 # API documentation
@@ -26,6 +24,9 @@ ujson>=5.9.0
 starlette>=0.40.0
 starlette-csrf>=1.4.5
 
+# Rate limiting
+slowapi>=0.1.9
+
 # Utilities
 httpx>=0.27.0
 tenacity>=8.2.3
@@ -44,9 +45,11 @@ isort>=5.13.2
 flake8>=7.0.0
 mypy>=1.8.0
 
-# Security
+# Security and authentication (pinned for reproducibility)
 python-jose==3.4.0
+passlib==1.7.4
 bcrypt==4.2.1
 cryptography==44.0.1
-passlib==1.7.4
+
+# Testing utilities
 freezegun~=1.5.1