Add rate limiting and in-memory caching for forward auth endpoint

Rate limit failed attempts (50/min per IP) with 429 + Retry-After.
Cache forward auth applications in a dedicated MemoryStore (8MB LRU)
to avoid loading all apps from SQLite on every request. Debounce
last_activity_at writes to at most once per minute per session.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

test/test_helper.rb

@@ -32,5 +32,10 @@ module ActiveSupport
     fixtures :all
 
     # Add more helper methods to be used by all tests here...
+
+    # Clear in-memory forward auth cache before each test to prevent cross-test pollution
+    setup do
+      Rails.application.config.forward_auth_cache&.clear
+    end
   end
 end