Implement token bucket rate limiting with IPv6 /64 normalization

- Add TokenBucket with nodelay semantics (nginx limit_req burst nodelay)
- Per-IP rate limiting: IPv4 /32, IPv6 /64 prefix normalization
- DashMap for concurrent access, ArcSwap for lock-free config reads
- Background eviction task for stale entry cleanup
- 429 response with plain text body, RATE_LIMIT log prefix
- Config reload adopts new rate/burst on next request without clearing state
- Unit tests for bucket algorithm and IPv6 normalization
- Integration tests for 429 responses and per-IP independence
2026-06-11 13:01:25 +00:00
parent f1cada010f
commit 2791070971
5 changed files with 592 additions and 3 deletions

@@ -32,6 +32,7 @@ signal-hook = "=0.3.18"
anyhow = "=1.0.102"
thiserror = "=2.0.18"
futures = "=0.3.31"
dashmap = "=6.1"
[dev-dependencies]
rcgen = "=0.13"
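
Review bot: the new `dashmap = "=6.1"` line is not an exact pin like the entries above it. The neighbouring dependencies give a full three-part version (`"=1.0.102"`, `"=2.0.18"`, `"=0.3.31"`), but Cargo reads `=6.1` as `>=6.1.0, <6.2.0`, so any 6.1.x release can be picked up whenever the lockfile is regenerated. Pin it to the full patch version that Cargo.lock currently resolves, so the rate limiter's map implementation cannot change without a visible manifest diff. The existing `rcgen = "=0.13"` context line has the same two-part form and could be tightened in a follow-up.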