fix: respect STREAM_CREATE_RATE_LIMIT in streamCreationRateLimiter

[wheval]

📌 Summary

Fixes the pre-configured streamCreationRateLimiter so STREAM_CREATE_RATE_LIMIT controls the per-wallet limit on POST /v1/streams, and documents the env var in .env.example.

🎯 Purpose / Motivation

streamCreationRateLimiter was created with max: 10 hardcoded, which bypassed the factory’s STREAM_CREATE_RATE_LIMIT fallback. Operators could set the env var in production but the limit stayed at 10, and the JSDoc was misleading.

🛠️ Changes Made

• [Backend] Pre-configured streamCreationRateLimiter ignores STREAM_CREATE_RATE_LIMIT env var #549: Omit max from streamCreationRateLimiter so createStreamRateLimiter reads STREAM_CREATE_RATE_LIMIT (default 10).
• Document STREAM_CREATE_RATE_LIMIT in backend/.env.example.
• Strengthen stream-rate-limiter.test.ts with behavioral tests for env override, including the exported limiter via dynamic import.

🧪 How to Test

1. In backend/, run npm test -- stream-rate-limiter.test.ts — all tests should pass.
2. Set STREAM_CREATE_RATE_LIMIT=3, start the backend, and send more than 3 authenticated POST /v1/streams requests from the same wallet within one minute — the 4th should return 429.
3. Unset the variable (or set STREAM_CREATE_RATE_LIMIT=10) and confirm the default limit is 10.

📸 Screenshots (if applicable)

N/A — backend-only change.

⚠️ Breaking Changes

• None. Default behavior remains 10 requests per minute when the env var is unset.

🔗 Related Issues

Closes #549

✅ Checklist

• Code builds successfully
• Tests added/updated
• No console errors
• Documentation updated (if needed)