Prune rate limit buckets incrementally #1652

Draft
saurabhhhcodes wants to merge 2 commits into leonagoel:main from saurabhhhcodes:fix/rate-limit-prune

@saurabhhhcodes

What changed

  • Reworked the rate-limiter hot path in backend/main.py so stale bucket cleanup is incremental instead of scanning every bucket on every request.
  • Switched the bucket table to LRU-style ordering and now prune only a small batch of expired entries per request.
  • Cleaned up the regression test to use the real bucket shape and the actual rate-limit helper signature.
  • Removed a stray duplicate @app.post("/api/interactions") block that was breaking backend/main.py parsing.

Why

The old cleanup loop walked every tracked client bucket inside the global rate-limit lock on each request. That makes latency grow with bucket count and creates an easy thread-starvation path if the table is flooded with spoofed IPs.

Validation

  • python3 -m py_compile backend/main.py tests/test_patches.py
  • git diff --check
  • Local runtime smoke was blocked by a missing websockets.asyncio dependency in this environment after the NumPy rollback, so I stopped short of a full import-level run here.

Closes #1629
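
For readers without the diff, the following is an added sketch of the approach the description above outlines (LRU-ordered buckets, a bounded prune batch per request). It is not the PR's code or the project's `backend/main.py`; the class name, parameters, fixed-window policy and client IDs are assumptions made for illustration.

```python
import threading
import time
from collections import OrderedDict


class IncrementalRateLimiter:
    """Hypothetical fixed-window limiter; cleanup costs O(prune_batch) per request."""
    def __init__(self, limit=5, window=60.0, prune_batch=2, clock=time.monotonic):
        self.limit, self.window, self.prune_batch = limit, window, prune_batch
        self.clock = clock
        self.lock = threading.Lock()
        # client_id -> [window_start, count]; least recently touched bucket first.
        self.buckets = OrderedDict()

    def _prune(self, now):
        """Evict at most prune_batch expired buckets from the cold (LRU) end."""
        for _ in range(min(self.prune_batch, len(self.buckets))):
            client_id = next(iter(self.buckets))
            if now - self.buckets[client_id][0] < self.window:
                break  # coldest bucket is still live; stop instead of scanning on
            del self.buckets[client_id]

    def allow(self, client_id):
        """Return True while client_id is within its limit for the current window."""
        now = self.clock()
        with self.lock:  # held for bounded work only, whatever the table size
            self._prune(now)
            bucket = self.buckets.get(client_id)
            if bucket is None or now - bucket[0] >= self.window:
                bucket = self.buckets[client_id] = [now, 0]  # new or expired window
            self.buckets.move_to_end(client_id)  # mark as most recently used
            bucket[1] += 1
            return bucket[1] <= self.limit


def flood_demo(n_clients=1000):
    """Constructed scenario: n one-shot client IDs, then requests after they expire."""
    fake_now = [0.0]
    rl = IncrementalRateLimiter(limit=3, prune_batch=2, clock=lambda: fake_now[0])
    for i in range(n_clients):
        rl.allow(f"client-{i}")  # constructed IDs standing in for many source IPs
    peak = len(rl.buckets)
    fake_now[0] = 61.0  # every bucket created above is now past its window
    sizes = []
    for _ in range(3):
        rl.allow("late-client")
        sizes.append(len(rl.buckets))  # shrinks by the batch size, not all at once
    return peak, sizes
```

Correctness of the limit does not depend on pruning keeping up, because `allow` resets an expired bucket when its owner returns; pruning only reclaims memory, and a stale bucket sitting behind a live one is evicted once the colder entries ahead of it expire.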

@github-actions

🎉 Welcome to Hybrid Recommender, @saurabhhhcodes! This is your first contribution here!

Labels added: gssoc:approved | mentor:leonagoel | status:review-needed

PR Description Checklist:

YES - What changed section
YES - Why section
NO - How to test section
YES - Related issue linked

⚠️ Some required sections are missing. Please update your PR description.

What happens next:

  1. @leonagoel will review your changes
  2. CI checks must pass
  3. Once approved, this PR will be auto-merged

⏱️ Please respond to review comments within 48 hours.


Development

Successfully merging this pull request may close these issues.

perf/security: O(N) rate limiter garbage collection under global lock on every request

2 participants