feat(rate-limit): per-user limiters for OCR, AI, and exports

Adds three named rate limiters to the existing Redis sliding-window
catalog and a withRateLimit wrapper that composes inside withAuth.
Wires the OCR limiter into the receipt-scan endpoint so a runaway
client can't burn through the AI budget in a tight loop.

- ocr: 10/min/user
- ai: 60/min/user (reserved for future server-side AI surfaces)
- exports: 30/hour/user (reserved for GDPR bundle, PDF, CSV exports)

429 responses include X-RateLimit-* headers and a Retry-After hint.

Tests: 771/771 vitest (was 766) — +5 rate-limit tests covering catalog
shape, sliding window, cross-prefix isolation, cross-user isolation,
and resetAt timestamp.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

src/lib/rate-limit.ts

@@ -77,4 +77,12 @@ export const rateLimiters = {
   upload: { windowMs: 60 * 1000, max: 10, keyPrefix: 'upload' },
   /** Bulk operations: 5 per minute. */
   bulk: { windowMs: 60 * 1000, max: 5, keyPrefix: 'bulk' },
+  /** Receipt scanner: 10 OCR runs per minute per user. */
+  ocr: { windowMs: 60 * 1000, max: 10, keyPrefix: 'ocr' },
+  /** Server-side AI calls (summary, embeddings, etc): 60 per minute per user. */
+  ai: { windowMs: 60 * 1000, max: 60, keyPrefix: 'ai' },
+  /** Data exports (GDPR bundle, PDF, CSV): 30 per hour per user. */
+  exports: { windowMs: 60 * 60 * 1000, max: 30, keyPrefix: 'export' },
 } as const satisfies Record<string, RateLimitConfig>;
+
+export type RateLimiterName = keyof typeof rateLimiters;