Closes #465

Summary

• Extend throttler to apply different rate limits based on user tier (free, verified, premium, enterprise, admin)
• Tier derived from JWT payload: role (ADMIN) and kycStatus (APPROVED → verified tier)
• Inject X-RateLimit-Limit, X-RateLimit-Tier, Retry-After, and X-RateLimit-Reset headers
• Add admin dashboard endpoints for monitoring violations: summary, recent list, and per-user queries
• Record violations in an in-memory circular buffer (last 1000 entries)

Test plan

• Unauthenticated requests get free tier limits (60/min)
• KYC-approved users get verified tier limits (150/min)
• Admin users get admin tier limits (1000/min)
• Response headers include X-RateLimit-Limit and X-RateLimit-Tier
• 429 responses include Retry-After and X-RateLimit-Reset headers
• Admin GET /admin/rate-limits/summary returns violation stats
• Admin GET /admin/rate-limits/violations returns recent violations
• Non-admin users cannot access rate limit monitoring endpoints