
fix(og): add per-IP rate limiting to /api/og #5754

Open
taniy8 wants to merge 1 commit into JhaSourav07:main from taniy8:fix/og-route-missing-rate-limit

Conversation

@taniy8

@taniy8 taniy8 commented Jun 15, 2026

Contributor

Description

Fixes #5753

Problem

app/api/og/route.tsx had zero rate limiting, making it the only unprotected
API route in the codebase. This endpoint is embedded in every page's <meta og:image>
tag, meaning every social media bot (Twitter, Discord, Slack, LinkedIn) that crawls
a shared CommitPulse link fires a fresh fetchGitHubContributions call against the
GitHub API with no throttle.

A single viral post or coordinated scrape could exhaust the entire GitHub API quota,
taking down /api/streak and /api/stats for all users globally since they share
the same token pool.

Fix

Added per-IP rate limiting (30 requests/minute) at the top of the GET handler,
consistent with the pattern used in /api/notify, /api/reviews, /api/ci-analytics,
and /api/webhook.

Added a test verifying 429 is returned when the limit is exceeded.

Pillar

  • 🎨 Pillar 1 — New Theme Design
  • 📐 Pillar 2 — Geometric SVG Improvement
  • 🕐 Pillar 3 — Timezone Logic Optimization
  • 🛠️ Other (Bug fix, refactoring, docs)

Visual Preview

N/A

Checklist before requesting a review:

  • I have read the CONTRIBUTING.md file.
  • I have tested these changes locally (localhost:3000/api/streak?user=YOUR_USERNAME).
  • I have run npm run format and npm run lint locally and resolved all errors (CI will fail otherwise).
  • My commits follow the Conventional Commits format (e.g., feat(themes): ..., fix(calculate): ...).
  • I have updated README.md if I added a new theme or URL parameter.
  • I have starred the repo.
  • I have made sure that I have only one commit to merge in this PR.
  • The SVG output matches the CommitPulse "premium quality" aesthetic standard (no raw elements, smooth animations, correct fonts).
  • (Recommended) I joined the CommitPulse Discord community for contributor discussions, mentorship, and faster PR support.

Suggested labels: level:critical, bug, security
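The guard described in this PR, written out as an added example in TypeScript. This is not code from the CommitPulse repository: the page names getClientIp and RateLimiter but shows neither, so the class shape, the fixed-window algorithm, the header-bag input, the handleOg wrapper and the 30-per-minute constants below are all assumptions made for illustration. The example also handles two things a practitioner would want at this point: the map of per-IP windows is pruned so it does not grow with every IP ever seen, and the limiter takes an injectable clock so the 429 branch can be tested without sleeping.

```typescript
// Added example, not CommitPulse's own route or helpers. Names (RateLimiter,
// getClientIp, handleOg, LIMIT, WINDOW_MS) and the handler's return shape are assumptions.

type HeaderBag = Record<string, string | undefined>;

interface WindowState {
  count: number;   // requests seen in the current window
  resetAt: number; // epoch ms at which the window rolls over
}

export class RateLimiter {
  private readonly buckets = new Map<string, WindowState>();

  constructor(
    private readonly limit: number,
    private readonly windowMs: number,
    private readonly now: () => number = () => Date.now(), // injectable for tests
  ) {}

  /** Records one request for `key` and reports whether it is within the limit. */
  check(key: string): { allowed: boolean; remaining: number; retryAfterSec: number } {
    const t = this.now();
    let w = this.buckets.get(key);
    if (!w || t >= w.resetAt) {
      // Start a fresh window for this key; also drop expired windows for other keys
      // so a scrape from many IPs cannot grow the map without bound.
      w = { count: 0, resetAt: t + this.windowMs };
      this.buckets.set(key, w);
      this.prune(t);
    }
    if (w.count >= this.limit) {
      return { allowed: false, remaining: 0, retryAfterSec: Math.ceil((w.resetAt - t) / 1000) };
    }
    w.count += 1;
    return { allowed: true, remaining: this.limit - w.count, retryAfterSec: 0 };
  }

  private prune(t: number): void {
    // Deleting during Map.forEach is safe in JavaScript.
    this.buckets.forEach((w, k) => { if (t >= w.resetAt) this.buckets.delete(k); });
  }
}

/**
 * Derives the rate-limit key from proxy headers. The left-most x-forwarded-for
 * entry is the original client only when a trusted proxy in front of the app sets
 * or overwrites the header; a client talking to the app directly can forge it, so
 * this must sit behind such a proxy to be meaningful.
 */
export function getClientIp(headers: HeaderBag): string {
  const xff = headers["x-forwarded-for"];
  if (xff) {
    const first = xff.split(",")[0].trim();
    if (first) return first.replace(/^::ffff:/i, ""); // normalise IPv4-mapped IPv6
  }
  const real = headers["x-real-ip"];
  if (real && real.trim()) return real.trim();
  return "unknown"; // all unattributable traffic shares one bucket rather than bypassing the limit
}

export const LIMIT = 30;          // requests per window (assumed to match the PR's 30/minute)
export const WINDOW_MS = 60_000;  // one minute
export const ogLimiter = new RateLimiter(LIMIT, WINDOW_MS);

export interface SimpleResponse {
  status: number;
  headers: Record<string, string>;
  body: string;
}

/** Rate-limit guard placed at the top of an OG-image style GET handler. */
export function handleOg(headers: HeaderBag, limiter: RateLimiter = ogLimiter): SimpleResponse {
  const ip = getClientIp(headers);
  const verdict = limiter.check(ip);
  if (!verdict.allowed) {
    return {
      status: 429,
      headers: { "Retry-After": String(verdict.retryAfterSec), "X-RateLimit-Remaining": "0" },
      body: "Too Many Requests",
    };
  }
  // Placeholder for the upstream GitHub fetch and image rendering; the point of the
  // example is that this line is only reached when the per-IP budget allows it.
  return {
    status: 200,
    headers: { "X-RateLimit-Remaining": String(verdict.remaining) },
    body: `og-image for ${ip}`,
  };
}
```

Two caveats about this example rather than about the project: an in-memory limiter like this one is per-process, so on a platform that runs several serverless instances each instance has its own 30-per-minute budget; and the "unknown" fallback deliberately throttles all traffic that arrives without a proxy header as a single client, which is the safer failure mode for an endpoint whose cost is paid from a shared GitHub token pool.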

@vercel

vercel Bot commented Jun 15, 2026

Contributor

@taniy8 is attempting to deploy a commit to the jhasourav07's projects Team on Vercel.

A member of the Team first needs to authorize it.

@github-actions

Contributor

📦 Next.js Bundle Size Report (Gzipped Sizes)

✨ No significant bundle size changes detected.

📊 Summary of Totals

Category    PR Size      Base Size    Difference
Total JS    3433.75 KB   3433.75 KB   0 B
Total CSS   258.05 KB    258.05 KB    0 B

@Aamod007 Aamod007 added mentor:Aamod007 gssoc:approved PR has been reviewed and accepted for valid contribution points level:intermediate Moderate complexity tasks quality:clean PR follows clean coding practices, proper formatting, documentation, and maintainability standards. type:bug Something isn't working as expected type:security Security fixes, dependency updates, or hardening labels Jun 15, 2026

@Aamod007 Aamod007 left a comment

Collaborator


Nice hardening pass. In app/api/og/route.tsx, the new getClientIp(req) keying plus RateLimiter guard closes the unthrottled path before it can fan out GitHub API usage, and the new test in app/api/og/route.test.ts proves the 429 branch is wired correctly.

@github-actions github-actions Bot added this to the GSSoC 2026 milestone Jun 15, 2026

Labels

gssoc:approved PR has been reviewed and accepted for valid contribution points level:intermediate Moderate complexity tasks mentor:Aamod007 quality:clean PR follows clean coding practices, proper formatting, documentation, and maintainability standards. type:bug Something isn't working as expected type:security Security fixes, dependency updates, or hardening

Projects

None yet

Development

Successfully merging this pull request may close these issues.

bug: /api/og has no rate limiting

2 participants