Add rate-limit headers to /v1/do response

[petterlindstrom79]

The /v1/do endpoint enforces rate limits but doesn't return standard rate-limit headers (X-RateLimit-Limit, X-RateLimit-Remaining, X-RateLimit-Reset). Adding these helps SDK developers handle rate limiting gracefully.

What to do:

• In apps/api/src/routes/do.ts, add rate-limit response headers after the rate limiter middleware runs
• Follow the standard format: X-RateLimit-Limit, X-RateLimit-Remaining, X-RateLimit-Reset (Unix epoch)
• Add to both authenticated and free-tier response paths

Good first issue — straightforward header addition, well-defined scope.