feat(rate-limiting): add per-bucket limits and startup validation

- Add per-bucket rate limit config (ban, unban, import, config, jail, filter, action)
- Add process-local warning at startup for multi-worker deployments
- Document Redis migration path for shared state across workers
- Remove Issue #42 from Tasks.md (resolved)

backend/app/utils/rate_limiter.py

@@ -219,9 +219,16 @@ class GlobalRateLimiter:
     request counting: when an IP exceeds the limit, the next request is blocked
     until the oldest request in the window expires.
 
-    Process-local implementation — each worker maintains independent counters.
-    Designed for single-worker deployments where the blast radius is isolated
-    to one worker.
+    **Process-local implementation** — Each worker maintains independent counters.
+    In multi-worker deployments (N workers), an attacker can send up to N × limit
+    requests before any single worker triggers a block. The single-worker scheduler
+    lock provides partial protection, but deployments requiring horizontal scaling
+    should replace this with a Redis-backed store using atomic INCR + EXPIRE.
+
+    **Long-term migration path:** The check_allowed() and check_allowed_for_bucket()
+    interfaces map directly to Redis INCR + EXPIRE. A drop-in RedisRateLimiter
+    adapter would only need to replace the deque-based in-memory store with Redis
+    calls, without touching any caller code.
 
     **How It Works:**