feat: add per-namespace agent rate limiting #532

Open
ashike24 wants to merge 8 commits into GenAI-Security-Project:main from ashike24:feat/week5-6-agent-rate-limiting

ashike24 commented Jun 25, 2026

Summary

Adds per-namespace rate limiting to all agent-triggering endpoints in the FinBot vendor portal, protecting the shared LLM quota from exhaustion and ensuring fair access across namespaces.

Motivation

Without rate limiting, a single namespace generating a burst of requests could consume the entire available LLM quota, degrading the experience for every other user of the platform. This change caps the number of agent-invoking requests per namespace within a fixed time window.

Changes

finbot/config.py

  • Added AGENT_RATE_LIMIT_MAX (default: 10) and AGENT_RATE_LIMIT_WINDOW_SECONDS (default: 60) to the Settings class with full env var override support.

finbot/core/ratelimit/limiter.py (new)

  • Fixed-window Redis counter keyed on finbot:ratelimit:{namespace}:agent.
  • Reuses the existing event_bus.redis async client — no second Redis connection.
  • Raises HTTP 429 with a descriptive message including current count, max, and TTL remaining.
  • Fails open on Redis errors to avoid blocking all users due to infrastructure issues.

finbot/core/ratelimit/__init__.py (new)

  • Package marker.

finbot/apps/vendor/routes/api.py

  • Added Depends(check_agent_rate_limit) to 5 agent-triggering routes: POST /vendors/register, POST /vendors/{vendor_id}/request-review, POST /invoices, POST /invoices/{invoice_id}/reprocess, and POST /chat.

Test Results

10 integration tests added in tests/integration/test_rate_limiting.py, all passing. No regressions in the existing suite (382 passed, 6 pre-existing failures unchanged).

ashike24 changed the title from "feat: add per-namespace agent rate limiting (Week 5-6)" to "feat: add per-namespace agent rate limiting" on Jun 26, 2026
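
The fixed-window counter and fail-open behaviour listed in the description above, as an added example that is not code from this pull request. `FakeRedis`, the `(status, detail)` return shape, the built-in `ConnectionError` standing in for the client's error type, and the TTL check that re-arms a counter left without an expiry are assumptions; the key format and the defaults come from the description.

```python
import asyncio

MAX_REQUESTS = 10     # AGENT_RATE_LIMIT_MAX default from the PR description
WINDOW_SECONDS = 60   # AGENT_RATE_LIMIT_WINDOW_SECONDS default

class FakeRedis:  # constructed in-memory stand-in for an async Redis client
    def __init__(self):
        self.now, self.down, self.store = 0.0, False, {}  # key -> [count, expiry]
    def _entry(self, key):
        if self.down:
            raise ConnectionError("redis unavailable")
        if key in self.store and self.store[key][1] <= self.now:
            del self.store[key]                            # expired key disappears
        return self.store.setdefault(key, [0, float("inf")])
    async def incr(self, key):
        self._entry(key)[0] += 1
        return self.store[key][0]
    async def expire(self, key, seconds):
        self._entry(key)[1] = self.now + seconds
    async def ttl(self, key):
        expiry = self._entry(key)[1]
        return -1 if expiry == float("inf") else int(expiry - self.now)

async def check_agent_rate_limit(redis, namespace):
    """Return (status, detail): 200 when allowed, 429 when the namespace is over its cap."""
    key = f"finbot:ratelimit:{namespace}:agent"   # key format from the PR description
    try:
        count = await redis.incr(key)
        ttl = await redis.ttl(key)
        if ttl < 0:   # new window, or a counter left without an expiry by a crash
            await redis.expire(key, WINDOW_SECONDS)
            ttl = WINDOW_SECONDS
    except ConnectionError:
        return 200, "fail-open: Redis unreachable, no limit enforced"
    if count > MAX_REQUESTS:
        return 429, f"{count}/{MAX_REQUESTS} requests; window resets in {ttl}s"
    return 200, "ok"

async def demo():
    redis = FakeRedis()
    out = [await check_agent_rate_limit(redis, "ns-a") for _ in range(MAX_REQUESTS + 1)]
    out.append(await check_agent_rate_limit(redis, "ns-b"))  # other namespace unaffected
    redis.now = 61.0                                         # window has rolled over
    out.append(await check_agent_rate_limit(redis, "ns-a"))
    redis.down = True                                        # simulated Redis outage
    out.append(await check_agent_rate_limit(redis, "ns-a"))
    return out

if __name__ == "__main__":
    print(asyncio.run(demo()))
```

Because the limiter fails open, a Redis outage silently removes the quota protection, so the fail-open branch is worth logging and alerting on.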