Implement Redis rate limiting middleware for spam endpoints (FRE-4507)

- Add ioredis dependency to API package
- Create Redis connection utility (apps/api/src/config/redis.ts)
- Create Redis-backed spam rate limit middleware with per-minute and daily limits
- Create spam classification routes (SMS, number reputation, call analysis, feedback)
- Register middleware and routes in API server
- Add 7 passing tests for rate limit enforcement
- Update vitest config with required env vars

Co-Authored-By: Paperclip <noreply@paperclip.ing>

apps/api/src/index.ts

@@ -3,6 +3,7 @@ import cors from '@fastify/cors';
 import helmet from '@fastify/helmet';
 import { authMiddleware } from './middleware/auth.middleware';
 import { rateLimitMiddleware } from './middleware/rate-limit.middleware';
+import { spamRateLimitMiddleware } from './middleware/spam-rate-limit.middleware';
 import { errorHandlingMiddleware } from './middleware/error-handling.middleware';
 import { loggingMiddleware } from './middleware/logging.middleware';
 import { apiEnv, loggingConfig } from './config/api.config';
@@ -32,6 +33,9 @@ async function registerPlugins() {
   // Rate limiting
   await fastify.register(rateLimitMiddleware);
 
+  // SpamShield rate limiting (Redis-backed)
+  await fastify.register(spamRateLimitMiddleware);
+
   // Authentication
   await fastify.register(authMiddleware);