Add rate limiting to login endpoint

Security:
- Add slowapi dependency for rate limiting
- Create rate_limit.py module with configurable limits
- Apply 5 requests/minute limit to login endpoint
- Make rate limit configurable via ORCHARD_LOGIN_RATE_LIMIT env var

Testing:
- Set high rate limit (1000/min) in docker-compose.local.yml for tests
- All 265 tests pass
Mondo Diaz
2026-01-08 18:18:29 -06:00
parent d61c7a71fb
commit 6aa199b80b
5 changed files with 30 additions and 1 deletions


@@ -374,9 +374,11 @@ from .auth import (
check_project_access,
AuthorizationService,
)
from .rate_limit import limiter, LOGIN_RATE_LIMIT
@router.post("/api/v1/auth/login", response_model=LoginResponse)
@limiter.limit(LOGIN_RATE_LIMIT)
def login(
login_request: LoginRequest,
request: Request,
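Review bot: The `@limiter.limit(LOGIN_RATE_LIMIT)` decorator on `login` only takes effect if the application also attaches the limiter as `app.state.limiter` and registers a handler for `RateLimitExceeded` (slowapi's `_rate_limit_exceeded_handler`), and neither is visible in this hunk; please confirm that wiring lives in `rate_limit.py` or the app factory, or add it in this change, since the endpoint alone does not advertise the 429 and `Retry-After` behaviour the commit message implies. Two further points worth a line in the docstring or commit message: slowapi keys on the client address by default, so behind a reverse proxy every caller shares one 5/minute bucket unless the forwarded client address is used as the key, and a per-address limit does not bound guessing against a single account from many addresses, so consider logging rejected attempts (and, if the limiter key can include the submitted username, a per-account limit) as a follow-up. Also, since `ORCHARD_LOGIN_RATE_LIMIT` is read from the environment and the local compose file raises it to 1000/min, a test that asserts the 429 path under the default 5/min value would guard against the limiter being silently disabled by configuration.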