feat(rate-limiting): add per-bucket limits and startup validation

- Add per-bucket rate limit config (ban, unban, import, config, jail, filter, action)
- Add process-local warning at startup for multi-worker deployments
- Document Redis migration path for shared state across workers
- Remove Issue #42 from Tasks.md (resolved)

backend/app/startup.py

@@ -302,6 +302,16 @@ async def _stage_check_worker_mode_and_acquire_lock(startup_db: Any) -> None:
             "See Docs/Architekture.md § Deployment Constraints for details."
         )
 
+    log.warning(
+        "rate_limiting_process_local_only",
+        message=(
+            "Rate limiting is process-local. With multiple workers, each worker enforces "
+            "its own independent limit — an attacker can send N × limit requests before "
+            "any worker triggers a block. Deploy with a single worker, or replace the "
+            "in-process store with a shared backend (e.g., Redis) for multi-worker setups."
+        ),
+    )
+
 
 async def _stage_init_database(app: FastAPI, settings: Settings) -> Any:
     """Initialize database schema and load setup state.