Add docs for rate limiting configuration and which endpoints are protected by default

[Chucks1093]

Summary

The server has rate limiting but contributors and operators have no documented reference for which endpoints are protected, what the default limits are, and how to adjust them per environment.

Scope

• Document which endpoints have rate limiting applied by default: alert registration, webhook registration, and any mutation routes
• State the default request limits and the time window (e.g. 60 requests per minute per IP)
• Explain how to override limits via environment config for staging vs production
• Add a note on how rate limit errors are returned (status code, response shape)

Acceptance Criteria

• Protected endpoints are listed with their default limits
• Time window is stated
• Environment config override is explained
• Rate limit error response shape is documented

ETA: 12 hours

---

Coordinate on Telegram

[Francis6-git]

@Francis6-git has applied to work on this issue as part of the Stellar Wave Program's 6th wave.

I would love to work on this issue.

ℹ️ Repo Maintainers: To accept this application, review their application or assign @Francis6-git to this issue.

[drips-wave]

Congratulations, @Francis6-git! 🎉 Your application was accepted by the repo's maintainers, and the issue is due on June 30, 2026.

🧑‍💻 @Francis6-git: Please resolve the issue such that the repo's maintainers have enough time to review your contribution before the due date. You'll earn Points for completing the issue on-time, which will make you eligible for a share of the Stellar Wave Program's reward pool.

Warning

When opening a PR, please link it to this issue to ensure it gets tracked accurately. Points are awarded when this issue is marked as completed by the maintainer.

🤠 Repo maintainers: Please keep an eye on the contributor's progress and review their work before the due date. You can manage this issue, including adjusting its complexity and points, here.

🌊 Happy Wave 🌊