feat: implement security headers and rate limiting; update environment variables and documentation

backend/src/products/products.controller.ts

@@ -13,6 +13,7 @@ import {
   Query,
   Request,
 } from '@nestjs/common';
+import { Throttle } from '@nestjs/throttler';
 import { Public } from '../auth/decorators/public.decorator';
 import { CreateProductDto } from './dto/create-product.dto';
 import { UpdateProductDto } from './dto/update-product.dto';
@@ -89,6 +90,7 @@ export class ProductsController {
 
   @Roles('admin')
   @Post('ai-categorize-bulk')
+  @Throttle({ default: { ttl: 60_000, limit: 5 } })
   @HttpCode(200)
   async aiCategorizeBulk(@Body() body: AiCategorizeBulkDto) {
     const categories = await this.categoriesService.findFlattened();
@@ -113,6 +115,7 @@ export class ProductsController {
   }
 
   @Get(':id/suggest-category')
+  @Throttle({ default: { ttl: 60_000, limit: 20 } })
   async suggestCategory(
     @Param('id', ParseIntPipe) id: number,
     @Request() req: { user: { role: string; isPremium: boolean } },