Resolve issues #2, #11, #15, #16, #22, #34

[MicD746]

Resolves all 6 open issues owned by MicD746 in one batch.

• Closes security: remove hardcoded default database password from configuration #2 — security: hardcoded gist DB credentials removed from Backend/src/config/configuration.ts, Backend/src/database/data-source.ts, and Backend/src/database/database.module.ts. Added preflight check in Backend/src/main.ts that throws before NestFactory.create if DATABASE_USER, DATABASE_PASSWORD, or DATABASE_NAME are missing.
• Closes security: add Helmet middleware for HTTP security headers #11 — security: Helmet HTTP security headers (helmet@^8.2.0) applied globally in Backend/src/main.ts before any other middleware.
• Closes security: add request body size limiting middleware #15 — security: JSON / urlencoded body size capped at 100 kb (MAX_BODY_SIZE env override) via app.useBodyParser in Backend/src/main.ts.
• Closes security: add per-IP rate limiting differentiation for public endpoints #16 — security: per-IP rate limiting via @nestjs/throttler. ThrottlerModule.forRootAsync reads THROTTLE_TTL_MS / THROTTLE_LIMIT; global ThrottlerGuard (APP_GUARD) tracks by req.ip; GistsController annotates the write path with @Throttle and the read paths with @SkipThrottle. app.set("trust proxy", TRUST_PROXY) makes X-Forwarded-For work behind ALB / nginx. Auth-vs-anon differentiation is wired up to receive higher limits once Issue security: implement authentication and authorization layer for all API endpoints #3 lands.
• Closes refactor: enable strict TypeScript checks in Backend tsconfig #22 — refactor: enabled strictNullChecks, noImplicitAny, strictBindCallApply, forceConsistentCasingInFileNames, noFallthroughCasesInSwitch in Backend/tsconfig.json. strictPropertyInitialization is intentionally left disabled (with rationale) because NestJS constructor injection patterns rely on it.
• Closes ci: add Dependabot configuration for automated dependency PRs #34 — ci: .github/dependabot.yml covers npm (Backend, Frontend, analytics), cargo (contracts), and github-actions with a weekly Monday schedule, grouped minor/patch updates, and the required dependencies + automation labels. The legacy infrastructure/ci/dependency-updates.yml schedule is disabled to avoid duplicate weekly PRs alongside Dependabot — manual workflow_dispatch retained for emergencies.

Verification

• npx tsc --noEmit (strict TS) → clean
• npm run build → clean

[snowrugar-beep]

Hey @MicD746 👋 Really appreciate the breadth of fixes bundled here — tackling #2, #11, #15, #16, #22, and #34 in one go is ambitious. However, CI is currently failing on two checks on this PR: the Backend (NestJS) job and the Validate PR title (Conventional Commits) lint (the current title Resolve issues #2, #11, #15, #16, #22, #34 isn’t Conventional-Commits-friendly).

A couple of options if you’d like to keep the bundle: (1) retitle the PR with a Conventional Commits prefix (e.g. chore: address security and tooling issues (#2, #11, #15, #16, #22, #34)), and (2) push a backend fix so the NestJS job goes green. Happy to merge this across all of those issues once everything is green.