
[Bug] Rate limiter visitor map grows unbounded under high traffic #31

@ftery0

Problem

The cleanup goroutine in middleware/ratelimit.go runs every 2 * window, but entries expire after one window. Under high traffic with many unique IPs, the visitor map can grow without bound.

func (rl *rateLimiter) cleanup() {
    ticker := time.NewTicker(2 * rl.window) // window=1min → cleanup every 2min
    // expired entries can linger for up to 2× window duration
}

Impact

  • Memory leak in public-facing APIs with high IP diversity
  • Potential OOM in long-running servers

Proposed Fix

Option A — reduce cleanup interval to window:

ticker := time.NewTicker(rl.window)

Option B — replace with a bounded LRU map (cap max tracked IPs)

Option C — migrate to golang.org/x/time/rate sliding window algorithm

Acceptance Criteria

  • Visitor map does not grow indefinitely
  • Existing rate limit behavior is preserved
  • Unit test demonstrating bounded memory usage
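The following is an added example, not code from this repository, sketching Option B (a hard cap on tracked IPs) on top of the per-window sweep from Option A, with the hooks a "bounded memory" unit test needs: an injectable clock, a sweep that reports how many entries it dropped, and a size() accessor to assert on. Every identifier (boundedLimiter, visitor, maxEntries, sweepExpired, evictOldestLocked) is an assumption for this illustration and does not match middleware/ratelimit.go; sweepExpired is meant to be driven from a time.NewTicker(rl.window) loop as Option A proposes.

```go
package main

import (
	"sync"
	"time"
)

// visitor is one tracked client: tokens left in its current window and when
// that window started.
type visitor struct {
	tokens      int
	windowStart time.Time
}

// boundedLimiter is a fixed-window counter per IP with a hard cap on tracked
// IPs. All identifiers are assumptions for this example, not the project's own.
type boundedLimiter struct {
	mu         sync.Mutex
	visitors   map[string]*visitor
	limit      int              // requests allowed per IP per window
	window     time.Duration    // fixed window length
	maxEntries int              // cap on tracked IPs; <= 0 means uncapped
	now        func() time.Time // injectable clock so tests can advance time
}

func newBoundedLimiter(limit int, window time.Duration, maxEntries int) *boundedLimiter {
	return &boundedLimiter{visitors: make(map[string]*visitor), limit: limit,
		window: window, maxEntries: maxEntries, now: time.Now}
}

// allow reports whether ip may make another request in its current window.
func (rl *boundedLimiter) allow(ip string) bool {
	rl.mu.Lock()
	defer rl.mu.Unlock()
	now := rl.now()
	v, ok := rl.visitors[ip]
	if !ok || now.Sub(v.windowStart) >= rl.window {
		// New IP, or its window rolled over: start a fresh bucket. Only a
		// brand-new IP grows the map, so that is the only time we evict.
		if !ok && rl.maxEntries > 0 && len(rl.visitors) >= rl.maxEntries {
			rl.evictOldestLocked()
		}
		v = &visitor{tokens: rl.limit, windowStart: now}
		rl.visitors[ip] = v
	}
	if v.tokens == 0 {
		return false
	}
	v.tokens--
	return true
}

// evictOldestLocked drops the entry with the oldest window start. A linear
// scan keeps the example short; a real LRU would keep order in a
// container/list. Caller must hold rl.mu.
func (rl *boundedLimiter) evictOldestLocked() {
	oldestIP, oldest := "", time.Time{}
	for ip, v := range rl.visitors {
		if oldest.IsZero() || v.windowStart.Before(oldest) {
			oldestIP, oldest = ip, v.windowStart
		}
	}
	delete(rl.visitors, oldestIP)
}

// sweepExpired removes every entry whose window has fully elapsed and returns
// how many were dropped. Run it once per window from a ticker (Option A).
func (rl *boundedLimiter) sweepExpired() int {
	rl.mu.Lock()
	defer rl.mu.Unlock()
	now := rl.now()
	removed := 0
	for ip, v := range rl.visitors {
		if now.Sub(v.windowStart) >= rl.window {
			delete(rl.visitors, ip)
			removed++
		}
	}
	return removed
}

// size is the number of tracked IPs, the quantity a memory-bound test asserts on.
func (rl *boundedLimiter) size() int {
	rl.mu.Lock()
	defer rl.mu.Unlock()
	return len(rl.visitors)
}
```

Two things worth keeping in mind when sizing maxEntries: the cap guarantees memory, but once it is reached every new IP evicts someone else's counter, so a flood of fresh source addresses can reset limits for legitimate clients; set the cap well above the expected concurrent-IP population and keep the per-window sweep so normal churn, not eviction, is what frees entries. The injectable clock is what makes the acceptance-criteria test deterministic: the test advances time by exactly one window and asserts that the sweep returns the full entry count and size() drops to zero.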

Labels: bug, help wanted
