fix: No rate limiting on the API-key-authenticated local coding sync

[Aditya8369]

Rate limiting added to POST /api/local-coding/sync keyed by the sha256 hash of the bearer API key (fixed window: 20 requests per 60s). When exceeded, the endpoint now returns 429 with { error: "Rate limit exceeded" } and a Retry-After header.

Updated files:

src/app/api/local-coding/sync/route.ts (added in-memory + Upstash-backed limiter; applied only to POST)
test/local-coding-sync.test.ts (added test asserting 21st POST returns 429; mocked Upstash config to force in-memory)

closes #1690

[vercel]

@Aditya8369 is attempting to deploy a commit to the PRIYANSHU DOSHI's projects Team on Vercel.

A member of the Team first needs to authorize it.

[github-actions]

GSSoC Label Checklist 🏷️

@Priyanshu-byte-coder — please apply the appropriate labels before merging:

Difficulty (pick one):

• level:beginner — 20 pts
• level:intermediate — 35 pts
• level:advanced — 55 pts
• level:critical — 80 pts

Quality (optional):

• quality:clean — ×1.2 multiplier
• quality:exceptional — ×1.5 multiplier

Validation (required to score):

• gssoc:approved — counts for points
• gssoc:invalid / gssoc:spam / gssoc:ai-slop — does not score

Type labels (type:*) are auto-detected from files and title. Review and adjust if needed.
Points formula: (difficulty × quality_multiplier) + type_bonus

[Aditya8369]

@Priyanshu-byte-coder please check this one