Where are you from?
Mention the event you are from.
- [✔️] OSCI
Description of the Feature
Add targeted rate limiting to authentication endpoints to mitigate brute-force and signup abuse.
What to add:
- Use `express-rate-limit` with strict, per-route limiters:
  - `POST /api/auth/login`: 10 requests per 15 minutes per IP (defaults)
  - `POST /api/auth/register`: 5 requests per hour per IP (defaults)
- Return consistent 429 JSON responses:
  `{ success: false, message: "Too many login attempts. Try again later." }`
- Ensure correct client IPs behind proxies:
  `app.set("trust proxy", 1)` in `index.js`
- Keep the existing global limiter as a coarse safety net
- Make limits configurable via env:
  - `AUTH_LOGIN_MAX` (default 10)
  - `AUTH_LOGIN_WINDOW_MS` (default 900000)
  - `AUTH_REGISTER_MAX` (default 5)
  - `AUTH_REGISTER_WINDOW_MS` (default 3600000)
Acceptance criteria:
- Exceeding login/register thresholds returns 429 with the JSON body above
- Limits can be tuned via the env vars without code changes
- Health check remains unaffected
- Brief docs added to README (how to configure, defaults)
Files touched: `server/routes/authRoutes.js`, `index.js`
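As an added example (not the project's code), the following dependency-free Node model shows the behaviour this issue asks for: env-configurable per-route limits with the issue's defaults, a 429 body in the requested shape, and why `trust proxy` matters for per-IP keying. It stands in for `express-rate-limit` so it runs offline; the env names, defaults and login message are taken from the issue, while the register message is an assumption.

```javascript
// Added example, not the project's code: a dependency-free model of the
// per-route limiters the issue asks for, so it runs offline without
// express-rate-limit. Env names, defaults and the login message come
// from the issue; the register message is an assumption.

// Read a positive integer from the environment, else use the issue's default.
function envInt(name, fallback) {
  const v = parseInt(process.env[name], 10);
  return Number.isFinite(v) && v > 0 ? v : fallback;
}

const authLimits = {
  login: { max: envInt("AUTH_LOGIN_MAX", 10), windowMs: envInt("AUTH_LOGIN_WINDOW_MS", 900000) },
  register: { max: envInt("AUTH_REGISTER_MAX", 5), windowMs: envInt("AUTH_REGISTER_WINDOW_MS", 3600000) },
};

// Client address as Express derives it with app.set("trust proxy", 1): exactly
// one hop (the reverse proxy) is trusted, so the client is the last entry of
// X-Forwarded-For. Without trust proxy, every client shares the proxy's address
// and one abusive client exhausts the bucket for everyone behind it.
function clientIp(socketAddr, xff, trustProxy) {
  if (!trustProxy || !xff) return socketAddr;
  const hops = xff.split(",").map((h) => h.trim()).filter(Boolean);
  return hops.length ? hops[hops.length - 1] : socketAddr;
}

// Fixed-window counter keyed by IP with express-rate-limit's max/windowMs
// semantics. One instance per route so login and register never share a bucket.
// `now` is injectable so the window reset can be exercised in tests.
function createLimiter({ max, windowMs, message }, now = Date.now) {
  const hits = new Map(); // ip -> { count, resetAt }
  return function check(ip) {
    const t = now();
    let entry = hits.get(ip);
    if (!entry || t >= entry.resetAt) {
      entry = { count: 0, resetAt: t + windowMs };
      hits.set(ip, entry);
    }
    entry.count += 1;
    return entry.count > max
      ? { status: 429, body: { success: false, message } }
      : { status: 200, body: null };
  };
}

const loginLimiter = createLimiter({ ...authLimits.login, message: "Too many login attempts. Try again later." });
const registerLimiter = createLimiter({ ...authLimits.register, message: "Too many signup attempts. Try again later." }); // register message assumed
```

With the defaults, the 11th login attempt from one address inside a 15-minute window is rejected while other addresses and the register route are unaffected; the global limiter from the issue would sit in front of these as a coarser backstop.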