Commit Graph

5 Commits

Author SHA1 Message Date
Mondo Diaz
1f923ae71d Fix auth tests to not invalidate integration_client session
Password change tests were using the admin account, which invalidated
all admin sessions including the shared integration_client. Now all
password change tests create and use dedicated test users, keeping
the admin session intact for other tests.

Tests updated:
- test_change_password_success
- test_change_password_wrong_current
- test_password_too_short_on_change
2026-01-16 21:28:30 +00:00
Mondo Diaz
28b434b944 Add function-scoped auth_client fixture for auth tests
- Add auth_client fixture (function-scoped) for authentication tests
- Update all tests in test_auth_api.py to use auth_client
- Prevents auth tests from polluting the shared integration_client session
- Each auth test gets a fresh client, avoiding state leakage
2026-01-16 21:14:40 +00:00
Mondo Diaz
29e8638d7b Add configurable rate limiting for dev/stage environments
- Add ORCHARD_LOGIN_RATE_LIMIT env var to Helm deployment template
- Set relaxed rate limit (1000/minute) for dev/stage deployments
- Production keeps strict default (5/minute) for security
- Re-enable auth tests in CI (no longer excluded by marker)
- Update test docstrings to reflect rate limit configuration
2026-01-16 21:13:18 +00:00
Mondo Diaz
dcd043e9ba Fix CI integration test rate limiting
- Add auth_intensive marker for tests that make many login requests
- Mark all tests in test_auth_api.py with auth_intensive
- Exclude auth_intensive tests from CI integration runs against deployed
  environments (they trigger 429 rate limiting)
- Remove duplicate TestSecurityEdgeCases class definition
- Register auth_intensive, integration, large, slow markers in conftest.py
2026-01-16 21:08:47 +00:00
Mondo Diaz
617bcbe89c Implement authentication system with access control UI
2026-01-12 09:52:35 -07:00