Add Security Headers & Rate Limiting

Description

Implement security headers and rate limiting for API protection.

Acceptance Criteria

• SecurityHeaders middleware created
• X-Frame-Options, X-Content-Type-Options, etc. set
• Rate limiting configured (60 per minute)
• Middleware registered in Kernel.php
• Security headers verified in responses

Implementation Steps

1. php artisan make:middleware SecurityHeaders
2. Implement security headers
3. Register in Kernel.php
4. Configure rate limiting in RouteServiceProvider
5. Test with curl

Reference

• Roadmap: docs/roadmaps/Implementation_Roadmap_Backend.md Phase 9, Step 17
• Standards: backend/CLAUDE.md - Security section

Related Issues

• Depends on: #8 (closed), #9 (closed)