feat: implement user-based daily publish rate limiting (#21)

[nagarwal-godaddy]

Motivation and Context

Issue #21

How Has This Been Tested?

• All existing tests updated for new method signatures
• New tests for concurrent requests, exemptions, and user-specific limits

Breaking Changes

N/A

Types of changes

• [ ] Bug fix (non-breaking change which fixes an issue)
• [x] New feature (non-breaking change which adds functionality)
• [ ] Breaking change (fix or feature that would cause existing functionality to change)
• [ ] Documentation update

Checklist

• [x] I have read the MCP Documentation
• [x] My code follows the repository's style guidelines
• [x] New and existing tests pass locally
• [x] I have added appropriate error handling
• [x] I have added or updated documentation as needed

Additional context

• Rate limit by authenticated user authMethodSubject based off of #378
• Admin bypass via hasGlobalPermissions parameter from auth handler
• Atomic database operations with separate publish_attempts table
• Integrated rate limiting directly into registry service
• Support for rate limit exemptions with wildcard patterns
• Comprehensive test coverage including concurrent request handling

Configuration:

• MCP_REGISTRY_RATE_LIMIT_ENABLED: Enable/disable rate limiting (default: true)
• MCP_REGISTRY_RATE_LIMIT_PER_DAY: Daily publish limit per user (default: 10)
• MCP_REGISTRY_RATE_LIMIT_EXEMPTIONS: Comma-separated exempt users/patterns

Database changes:

• New table: publish_attempts tracking auth_method_subject instead of namespace
• Atomic check-and-increment operation prevents race conditions

[nagarwal-godaddy]

@domdomegg @tadasant I put together these changes based on #21 and an earlier PR #378 for reference. I’d love to start contributing to the project, and this seemed like a good place to begin since it hadn’t had much recent discussion.

Happy to adjust and work through updates once you’ve had a chance to review, looking forward to your feedback!