Add rate limiting and in-memory caching for forward auth endpoint

Rate limit failed attempts (50/min per IP) with 429 + Retry-After.
Cache forward auth applications in a dedicated MemoryStore (8MB LRU)
to avoid loading all apps from SQLite on every request. Debounce
last_activity_at writes to at most once per minute per session.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

config/initializers/forward_auth_cache.rb

@@ -0,0 +1,2 @@
+Rails.application.config.forward_auth_cache =
+  ActiveSupport::Cache::MemoryStore.new(size: 8.megabytes)