By: Michael Lynch <git@mtlynch.io>
Inject shared-secret auth rate limiter Make shared-secret authentication depend on a rate limiter function supplied by callers. This keeps the authenticator focused on authentication and lets tests set rate-limit behavior directly without exercising the concrete limiter.